6 research outputs found

    Lightweight authentication for recovery in wireless sensor networks

    Wireless sensor networks (WSNs) suffer from a wide range of security attacks due to their limited processing and energy capabilities. Their use in numerous mission-critical applications, however, requires that fast recovery from such attacks be achieved. Much research has been completed on detection of security attacks, while very little attention has been paid to recovery from an attack. In this paper, we propose a novel, lightweight authentication protocol that can secure network and node recovery operations such as re-clustering and reprogramming. Our protocol is based on hash functions and we compare the performance of two well-known lightweight hash functions, SHA-1 and Rabin. We demonstrate that our authentication protocol can be implemented efficiently on a sensor network test-bed with TelosB motes. Further, our experimental results show that our protocol is efficient both in terms of computational overhead and execution times which makes it suitable for low resourced sensor devices.

    Zauthly: a zero trust Oauth2 authorization tool

    Master's Project (M.S.) University of Alaska Fairbanks, 2022. Controlling authentication and authorization is a pivotal part of managing modern web resources. Over the past decade, Oauth and OpenID Connect have shown that they are capable and secure protocols used for secure communication between the Identity Providers (IdP) and requesting parties that consume them. Zero Trust (ZT) architectures are based on authenticating individual requests instead of machines or networks. ZT has shown a pathway that enables a more secure flow of trusted communication. This is done by defining the control systems and their counterpart the data systems. Zauthly applies ZT principles to Oauth2 flows to create a middleware service that solely controls the authorization of users. It aims to enable increased security in existing tools and control flows while it utilizes Google as an IdP to enable authentication of end users. A Single Sign On (SSO) proxy is used to consume the provided Oauth2 authorization from Zauthly. Then its users are managed by a simple interface that communicates with a user database. Zauthly is designed to be deployed in a modular way drawing inspiration from the microservice architectural style. Its deployment is controlled by Docker and Docker-Compose to provide enhanced scalability and flexibility. This paper will explore the design choices of Zauthly, relevant drawbacks, and performance of the tool

    Recovery mechanism on sensor networks

    On the completion of the project, we propose novel recovery mechanisms which recover limited-resource wireless sensor networks quickly from a malicious attack. The research outcomes include re-clustering algorithms, reprogramming techniques and authentication protocols developed and tested on both hardware and simulation platforms. The work is also well compared with other researchers

    E-crimes and e-authentication - a legal perspective

    E-crimes continue to generate grave challenges to the ICT regulatory agenda. Because e-crimes involve a wrongful appropriation of information online, it is enquired whether information is property which is capable of being stolen. This then requires an investigation to be made of the law of property. The basis for this scrutiny is to establish if information is property for purposes of the law. Following a study of the Roman-Dutch law approach to property, it is argued that the emergence of an information society makes real rights in information possible. This is the position because information is one of the indispensable assets of an information society. Given the fact that information can be the object of property, its position in the law of theft is investigated. This study is followed by an examination of the conventional risks that ICTs generate. For example, a risk exists that ICTs may be used as the object of e-crimes. Furthermore, there is a risk that ICTs may become a tool in order to appropriate information unlawfully. Accordingly, the scale and impact of e-crimes is more than those of the offline crimes, for example theft or fraud. The severe challenges that ICTs pose to an information society are likely to continue if clarity is not sought regarding: whether ICTs can be regulated or not, if ICTs can be regulated, how should an ICT regulatory framework be structured? A study of the law and regulation for regulatory purposes reveals that ICTs are spheres where regulations apply or should apply. However, better regulations are appropriate in dealing with the dynamics of these technologies. Smart-regulations, meta-regulations or reflexive regulations, self-regulations and co-regulations are concepts that support better regulations. Better regulations enjoin the regulatory industries, for example the state, businesses and computer users to be involved in establishing ICT regulations. 
These ICT regulations should specifically be in keeping with the existing e-authentication measures. Furthermore, the codes-based theory, the Danger or Artificial Immune Systems (the AIS) theory, the Systems theory and the Good Regulator Theorem ought to inform ICT regulations. The basis for all this should be to establish a holistic approach to e-authentication. This approach must conform to the Precautionary Approach to E-Authentication or PAEA. PAEA accepts the importance of legal rules in the ICT regulatory agenda. However, it argues that flexible regulations could provide a suitable framework within which ICTs and the ICT risks are controlled. In addition, PAEA submits that a state should not be the single role-player in ICT regulations. Social norms, the market and nature or architecture of the technology to be regulated are also fundamental to the ICT regulatory agenda. Jurisprudence LL. D

    A model for information security management and regulatory compliance in the South African health sector

    Information Security is becoming a part of the core business processes in every organization. Companies are faced with contradictory requirements to ensure open systems and accessible information while maintaining high protection standards. In addition, the contemporary management of Information Security requires a variety of approaches in different areas, ranging from technological to organizational issues and legislation. These approaches are often isolated while Security Management requires an integrated approach. Information Technology promises many benefits to healthcare organizations. It helps to make accurate information more readily available to healthcare providers and workers, researchers and patients and advanced computing and communication technology can improve the quality and lower the costs of healthcare. However, the prospect of storing health information in an electronic form raises concerns about patient privacy and security. Healthcare organizations are required to establish a formal Information Security program, for example through the adoption of the ISO 17799 standard, to ensure an appropriate and consistent level of information security for computer-based patient records, both within individual healthcare organizations and throughout the entire healthcare delivery system. However, proper Information Security Management practices, alone, do not necessarily ensure regulatory compliance. South African healthcare organizations must comply with the South African National Health Act (SANHA) and the Electronic Communication Transaction Act (ECTA). It is necessary to consider compliance with the Health Insurance Portability and Accountability Act (HIPAA) to meet healthcare international industry standards. The main purpose of this project is to propose a compliance strategy, which ensures full compliance with regulatory requirements and at the same time assures customers that international industry standards are being used. 
This is preceded by a comparative analysis of the requirements posed by the ISO 17799 standard and the HIPAA, SANHA and ECTA regulations

    Authentication Systems for Secure Networks

    For computer scientists, electrical engineers, and network specialists, explains the authentication and key distribution systems that are replacing traditional passwords for computer security. Describes and compares the systems currently available, including Kerberos, NetSP, SPX, TESS, and SESAME.