Chandana Gamage

Taking Sensor Networks from the Lab to the Jungle

Sensor networks pose unique technical and logistical challenges. One of the most widely cited applications for sensor networks is monitoring national borders for humans attempting to surreptitiously cross on foot, especially at night. Other suggested applications of sensor networks include battlefield observation and forest fire detection

Encrypted Message Authentication by Firewalls

Firewalls typically filter network traffic at several different layers. At application layer, filtering is based on various security relevant information encapsulated into protocol messages. The major obstacle for efficient verification of authenticity of messages at application layer is the difficulty of verifying digital signatures without disclosure of content protected by encryption. This is due to a traditional paradigm of generating a digital signature of a message and then encrypting the signature together with the message to preserve confidentiality, integrity, non-repudiation and authenticity. To overcome this limitation, a scheme shall be proposed for enabling signature verification without disclosing the content of messages. To provide maximum efficiency, the scheme is based on digital signcryption.

Enabling DRM-preserving digital content redistribution

Traditionally, the process of online digital content distribution has involved a limited number of centralised distributors selling protected contents and licenses authorising the use of these contents, to consumers. In this paper, we extend this model by introducing a security scheme that enables DRM preserving digital content redistribution. Essentially consumers can not only buy the rights to use digital content but also the rights to redistribute it to other consumers in a DRM controlled fashion. We examine the threats associated with such a redistribution model and explain how our scheme addresses them.

An Identity-based Ring Signature Scheme with Enhanced Privacy

There are many applications in which it is necessary to transmit authenticatable messages while achieving certain privacy goals such as signer ambiguity. The emerging area of vehicular ad-hoc network is a good example application domain with this requirement The ring signature technique that uses an ad-hoc group of signer identities is a widely used method for generating this type of privacy preserving digital signatures. The identity-based cryptographic techniques do not require certificates. The construction of ring signatures using identity-based cryptography allow for privacy preserving digital signatures to be created in application when certificates are not readily available or desirable such as in vehicle area networks. We propose a new designated verifier identity-based ring signature scheme that is secure against full key exposure attacks even for a small group size. This is a general purpose primitive that can be used in many application domains such as ubiquitous computing where signer ambiguity is required in small groups. We consider the usefulness of identity-based cryptographic primitives in vehicular ad-hoc networks and use a specific example application to illustrate the use of identity-based ring signatures as a tool to create privacy preserving authenticatable messages

Organizational Modeling for Efficient Specification of Information Security Requirements

Functional security requirements of information systems can roughly be classified into two: computer security requirements and communications security requirements. Challenges for developing notations for expressing these requirements are numerous, most importantly the difficulty of dealing with layers of abstraction, flexibility to adapt into many types of requirements, groupings of requirements, and requirement dependencies. Many frameworks for dealing with information security highlight the importance of a properly defined organization of security but fail to establish models to support the specification. This paper establishes one such model and demonstrates how the above difficulties can be overcome through extensive application of organizational modeling of information security.

Security for the Mythical Air-Dropped Sensor Network

The research area of very large scale wireless sensor networks made of low-cost sensors is gaining a lot of interest as witnessed by the large number of published papers. The security aspects of such networks are addressed as well, and in particular many security papers investigating the security aspects of such networks make important assumptions about the capabilities of low-cost sensors. Consequently, the techniques proposed in the current literature to provide security properties for this low-cost wireless sensor networks are heavily shaped by such assumptions. In this position paper, we challenge such assumptions by presenting the results of an experiment we conducted using sensors representative of low cost units. And we show that the same security properties can be better provided using techniques based on application-specific knowledge, heuristics and statistical tests. Finally, we show that one of the most highly cited application scenarios to motivate such techniques, the air-dropped sensor network, is likely to be more a myth than a realistic scenario for low-cost sensors.

One-Time sensors: a novel concept to mitigate node-capture attacks

Dealing with captured nodes is generally accepted as the most difficult challenge to wireless sensor network security. By utilizing the low-cost property of sensor nodes, we introduce the novel concept of one-time sensors to mitigate node-capture attacks. The basic idea is to load each sensor with only one cryptographic token so that the captured node can inject only a single malicious message into the network. In addition, sybil attacks are avoided and explicit revocation is not necessary using one-time sensors. By using public key techniques, one-way hash functions and Merkle’s hash tree, we also show efficient implementations and interesting tradeoffs for one-time sensors.

A framework for whole-body gesture recognition from video feeds

The growth of technology continues to make both hardware and software affordable and accessible creating space for the emergence of new applications. Rapid growth in computer vision and image processing applications have been evident in recent years. One area of interest in vision and image processing is automated identification of objects in real-time or recorded video streams and analysis of these identified objects. An important topic of research in this context is identification of humans and interpreting their actions. Human motion identification and video processing have been used in critical crime investigations and highly technical applications usually involving skilled human experts. Although the technology has many uses that can be applied in every day activities, it has not been put into such use due to requirements in sophisticated technology, human skill and high implementation costs. This paper presents a system, which is a major part of a project called moveIt (movements interpreted), that receives video as input to process and recognize gestures of the objects of interest (the human whole body). Basic functionality of this system is to receive video stream as input and produce outputs gesture analysis of each object through a staged process of object detection, tracking, modeling and recognition of gestures as intermediate steps.

Case study of WSN as a replacement for SCADA

The increasing interconnectivity of SCADA (Supervisory Control and Data Acquisition) networks has exposed them to a wide range of network security problems. Also in that case WSN (Wireless Sensor Networks, which is a new computing paradigm that emerged from the fusion of the SCADA systems and Ad hoc networks technologies, have gained the advantage over SCADA due to its simplicity and the ad-hoc nature of the network. This paper provides an overview of all the issues that are involved in strengthening the interconnectivity of SCADA networks and how the WSN has gained the advantage as a solution for SCADA. The paper describes the general architecture of WSN and SCADA networks and the properties of some of the commonly used SCADA communication protocols. This paper presents an overview of challenges in the design and implementation of WSNs. It summarizes the potential challenges that influence the WSNs design. Also this paper proposes an example solution to interconnect such environments using low cost and customizable sensor nodes which each has the computational power built in.

Chaos theory based cryptography in digital image distribution

The amount of visual information available in digital format has grown exponentially in recent years due to the wide availability of digital equipments, changes in the way people socially interact by setting up community web pages, wide spread use of the Internet in all types of personal and business activities, pay-after-trial services of digital multimedia and developments in high speed transmission of digital images with high reliability. However, the wide accessibility of the Internet and its connected hosts and availability of technology to capture network traffic or penetrate hosts have made digital images vulnerable to unauthorized access while in storage and during transmission over a network. Hence users of the Internet and application that use or process digital images need to address security issues to protect commercial value of images and also ensure user privacy and other issues. The objective of the research presented in this paper focused on proposing an image encryption technique which is capable of encrypting an image effectively and securely with a predefined visibility level. The stipulated objective is achieved by employing 2D chaotic map called the Kaplan-Yorke map.