Poster abstract : Energy-efficient rate adaptive MAC Protocol (RA-MAC) for long-lived sensor networks

This paper introduces an energy-efficient Rate Adaptive MAC (RA-MAC) protocol for long-lived Wireless Sensor Networks (WSN). Previous research shows that the dynamic and lossy nature of wireless communication is one of the major challenges to reliable data delivery in a WSN. RA-MAC achieves high link reliability in such situations by dynamically trading off radio bit rate for signal processing gain. This extra gain reduces the packet loss rate which results in lower energy expenditure by reducing the number of retransmissions. RA-MAC selects the optimal data rate based on channel conditions with the aim of minimizing energy consumption. We have implemented RA-MAC in TinyOS on an off-the-shelf sensor platform (TinyNode), and evaluated its performance by comparing RA-MAC with state-ofthe- art WSN MAC protocol (SCP-MAC) by experiments.

Analysis of indirect message injection for MAC generation using stream ciphers

This paper presents a model for generating a MAC tag with a stream cipher using the input message indirectly. Several recent proposals represent instances of this model with slightly different options. We investigate the security of this model for different options, and identify cases which permit forgery attacks. Based on this, we present a new forgery attack on version 1.4 of 128-EIA3. Design recommendations to enhance the security of proposals following this general model are given.

A general model for MAC generation using direct injection

This paper presents a model for generating a MAC tag by injecting the input message directly into the internal state of a nonlinear filter generator. This model generalises a similar model for unkeyed hash functions proposed by Nakano et al. We develop a matrix representation for the accumulation phase of our model and use it to analyse the security of the model against man-in-the-middle forgery attacks based on collisions in the final register contents. The results of this analysis show that some conclusions of Nakano et al regarding the security of their model are incorrect. We also use our results to comment on several recent MAC proposals which can be considered as instances of our model and specify choices of options within the model which should prevent the type of forgery discussed here. In particular, suitable initialisation of the register and active use of a secure nonlinear filter will prevent an attacker from finding a collision in the final register contents which could result in a forged MAC.

Fundamental understanding on the use of Bluetooth MAC scanner for arterial travel time estimation

This report is the eight deliverable of the Real Time and Predictive Traveller Information project and the third deliverable of the Arterial Travel Time Information sub-project in the Integrated Traveller Information research Domain of the Smart Transport Research Centre. The primary objective of the Arterial Travel Time Information sub-project is to develop algorithms for real-time travel time estimation and prediction models for arterial traffic. Brisbane arterial network is highly equipped with Bluetooth MAC Scanners, which can provide travel time information. Literature is limited with the knowledge on the Bluetooth protocol based data acquisition process and accuracy and reliability of the analysis performed using the data. This report expands the body of knowledge surrounding the use of data from Bluetooth MAC Scanner (BMS) as a complementary traffic data source. A multi layer simulation model named Traffic and Communication Simulation (TCS) is developed. TCS is utilised to model the theoretical properties of the BMS data and analyse the accuracy and reliability of travel time estimation using the BMS data.

On the use of Bluetooth MAC Scanners for live reporting of the transport network

Recently there has been significant interest of researchers and practitioners on the use of Bluetooth as a complementary transport data. However, literature is limited with the understanding of the Bluetooth MAC Scanner (BMS) based data acquisition process and the properties of the data being collected. This paper first provides an insight on the BMS data acquisition process. Thereafter, it discovers the interesting facts from analysis of the real BMS data from both motorway and arterial networks of Brisbane, Australia. The knowledge gained is helpful for researchers and practitioners to understand the BMS data being collected which is vital to the development of management and control algorithms using the data.

Indirect message injection for MAC generation

This paper presents a model for the generation of a MAC tag using a stream cipher. The input message is used indirectly to control segments of the keystream that form the MAC tag. Several recent proposals can be considered as instances of this general model, as they all perform message accumulation in this way. However, they use slightly different processes in the message preparation and finalisation phases. We examine the security of this model for different options and against different types of attack, and conclude that the indirect injection model can be used to generate MAC tags securely for certain combinations of options. Careful consideration is required at the design stage to avoid combinations of options that result in susceptibility to forgery attacks. Additionally, some implementations may be vulnerable to side-channel attacks if used in Authenticated Encryption (AE) algorithms. We give design recommendations to provide resistance to these attacks for proposals following this model.

Is bus overrepresented in Bluetooth MAC Scanner data? Is MAC-ID really unique?

One of the concerns about the use of Bluetooth MAC Scanner (BMS) data, especially from urban arterial, is the bias in the travel time estimates from multiple Bluetooth devices being transported by a vehicle. For instance, if a bus is transporting 20 passengers with Bluetooth equipped mobile phones, then the discovery of these mobile phones by BMS will be considered as 20 different vehicles, and the average travel time along the corridor estimated from the BMS data will be biased with the travel time from the bus. This paper integrates Bus Vehicle Identification system with BMS network to empirically evaluate such bias, if any. The paper also reports an interesting finding on the uniqueness of MAC IDs.

Bluetooth and Wi-Fi MAC address based crowd data collection and monitoring : benefits, challenges and enhancement

This paper firstly presents the benefits and critical challenges on the use of Bluetooth and Wi-Fi for crowd data collection and monitoring. The major challenges include antenna characteristics, environment’s complexity and scanning features. Wi-Fi and Bluetooth are compared in this paper in terms of architecture, discovery time, popularity of use and signal strength. Type of antennas used and the environment’s complexity such as trees for outdoor and partitions for indoor spaces highly affect the scanning range. The aforementioned challenges are empirically evaluated by “real” experiments using Bluetooth and Wi-Fi Scanners. The issues related to the antenna characteristics are also highlighted by experimenting with different antenna types. Novel scanning approaches including Overlapped Zones and Single Point Multi-Range detection methods will be then presented and verified by real-world tests. These novel techniques will be applied for location identification of the MAC IDs captured that can extract more information about people movement dynamics.

Monitoring spatiotemporal dynamics of human movement based on MAC address data

This thesis was a step forward in extracting valuable features from human's movement behaviour in terms of space utilisation based on Media-Access-Control data. This research offered a low-cost and less computational complexity approach compared to existing human's movement tracking methods. This research was successfully applied in QUT's Gardens Point campus and can be scaled to bigger environments and societies. Extractable information from human's movement by this approach can add a significant value to studying human's movement behaviour, enhancing future urban and interior design, improving crowd safety and evacuation plans.

Practical attack on NLM-MAC scheme

The NLM stream cipher designed by Hoon Jae Lee, Sang Min Sung, Hyeong Rag Kim is a strengthened version of the LM summation generator that combines linear and non-linear feedback shift registers. In recent works, the NLM cipher has been used for message authentication in lightweight communication over wireless sensor networks and for RFID authentication protocols. The work analyses the security of the NLM stream cipher and the NLM-MAC scheme that is built on the top of the NLM cipher. We first show that the NLM cipher suffers from two major weaknesses that lead to key recovery and forgery attacks. We prove the internal state of the NLM cipher can be recovered with time complexity about nlog7×2, where the total length of internal state is 2⋅n+22⋅n+2 bits. The attack needs about n2n2 key-stream bits. We also show adversary is able to forge any MAC tag very efficiently by having only one pair (MAC tag, ciphertext). The proposed attacks are practical and break the scheme with a negligible error probability.

Assessment of antenna characteristic effects on pedestrian and cyclists travel-time estimation based on Bluetooth and WiFi MAC addresses

Monitoring pedestrian and cyclists movement is an important area of research in transport, crowd safety, urban design and human behaviour assessment areas. Media Access Control (MAC) address data has been recently used as potential information for extracting features from people’s movement. MAC addresses are unique identifiers of WiFi and Bluetooth wireless technologies in smart electronics devices such as mobile phones, laptops and tablets. The unique number of each WiFi and Bluetooth MAC address can be captured and stored by MAC address scanners. MAC addresses data in fact allows for unannounced, non-participatory, and tracking of people. The use of MAC data for tracking people has been focused recently for applying in mass events, shopping centres, airports, train stations etc. In terms of travel time estimation, setting up a scanner with a big value of antenna’s gain is usually recommended for highways and main roads to track vehicle’s movements, whereas big gains can have some drawbacks in case of pedestrian and cyclists. Pedestrian and cyclists mainly move in built distinctions and city pathways where there is significant noises from other fixed WiFi and Bluetooth. Big antenna’s gains will cover wide areas that results in scanning more samples from pedestrians and cyclists’ MAC device. However, anomalies (such fixed devices) may be captured that increase the complexity and processing time of data analysis. On the other hand, small gain antennas will have lesser anomalies in the data but at the cost of lower overall sample size of pedestrian and cyclist’s data. This paper studies the effect of antenna characteristics on MAC address data in terms of travel-time estimation for pedestrians and cyclists. The results of the empirical case study compare the effects of small and big antenna gains in order to suggest optimal set up for increasing the accuracy of pedestrians and cyclists’ travel-time estimation.

Design of a TDD Multisector TDM MAC for the WiFiRe Proposal for Rural Broadband Access

The WiFiRe (WiFi Rural Extension) proposal for rural broadband access is being developed under the aegis of CEWIT. The system leverages the widely available, and highly cost-reduced, WiFi chipsets. However, only the physical layer from these chipsets is retained. A single base station carries several WiFi transceivers, each serving one sector of the cell, and all operating on the same WiFi channel in a time division duplex (TDD) manner. We replace the contention based WiFi MAC with a single-channel TDD multisector TDM MAC similar to the WiMax MAC. In this paper we discuss in detail the issues in designing such a MAC for the purpose of carrying packet voice telephony and for Internet access. The problem of determining the optimal spatial reuse is formulated and the optimal spatial reuse and the corresponding cell size is derived. Then the voice and data scheduler is designed. It is shown how throughput fairness can be implemented in the data scheduler. A capacity assessment of the system is also provided.

A deadline-constrained 802.11 MAC Protocol with QoS differentiation for soft real-time control

As one of the most widely used wireless network technologies, IEEE 802.11 wireless local area networks (WLANs) have found a dramatically increasing number of applications in soft real-time networked control systems (NCSs). To fulfill the real-time requirements in such NCSs, most of the bandwidth of the wireless networks need to be allocated to high-priority data for periodic measurements and control with deadline requirements. However, existing QoS-enabled 802.11 medium access control (MAC) protocols do not consider the deadline requirements explicitly, leading to unpredictable deadline performance of NCS networks. Consequentially, the soft real-time requirements of the periodic traffic may not be satisfied, particularly under congested network conditions. This paper makes two main contributions to address this problem in wireless NCSs. Firstly, a deadline-constrained MAC protocol with QoS differentiation is presented for IEEE 802.11 soft real-time NCSs. It handles periodic traffic by developing two specific mechanisms: a contention-sensitive backoff mechanism, and an intra-traffic-class QoS differentiation mechanism. Secondly, a theoretical model is established to describe the deadline-constrained MAC protocol and evaluate its performance of throughput, delay and packet-loss ratio in wireless NCSs. Numerical studies are conducted to validate the accuracy of the theoretical model and to demonstrate the effectiveness of the new MAC protocol.

A Slotted Aloha joint MAC-cum-Routing protocol for data gathering sensor network applications

In this paper we have proposed and implemented a joint Medium Access Control (MAC) -cum- Routing scheme for environment data gathering sensor networks. The design principle uses node 'battery lifetime' maximization to be traded against a network that is capable of tolerating: A known percentage of combined packet losses due to packet collisions, network synchronization mismatch and channel impairments Significant end-to-end delay of an order of few seconds We have achieved this with a loosely synchronized network of sensor nodes that implement Slotted-Aloha MAC state machine together with route information. The scheme has given encouraging results in terms of energy savings compared to other popular implementations. The overall packet loss is about 12%. The battery life time increase compared to B-MAC varies from a minimum of 30% to about 90% depending on the duty cycle.

Energy efficient change detection over a MAC using physical layer fusion

We propose a simple and energy efficient distributed change detection scheme for sensor networks based on Page's parametric CUSUM algorithm. The sensor observations are IID over time and across the sensors conditioned on the change variable. Each sensor runs CUSUM and transmits only when the CUSUM is above some threshold. The transmissions from the sensors are fused at the physical layer. The channel is modeled as a multiple access channel (MAC) corrupted with IID noise. The fusion center which is the global decision maker, performs another CUSUM to detect the change. We provide the analysis and simulation results for our scheme and compare the performance with an existing scheme which ensures energy efficiency via optimal power selection.