The Proceedings of 14th Australian Information Security Management Conference, 5-6 December 2016, Edith Cowan University, Perth, Australia

The annual Security Congress, run by the Security Research Institute at Edith Cowan University, includes the Australian Information Security and Management Conference. Now in its fourteenth year, the conference remains popular for its diverse content and mixture of technical research and discussion papers. The area of information security and management continues to be varied, as is reflected by the wide variety of subject matter covered by the papers this year. The conference has drawn interest and papers from within Australia and internationally. All submitted papers were subject to a double blind peer review process. Fifteen papers were submitted from Australia and overseas, of which ten were accepted for final presentation and publication. We wish to thank the reviewers for kindly volunteering their time and expertise in support of this event. We would also like to thank the conference committee who have organised yet another successful congress. Events such as this are impossible without the tireless efforts of such people in reviewing and editing the conference papers, and assisting with the planning, organisation and execution of the conferences. To our sponsors also a vote of thanks for both the financial and moral support provided to the conference. Finally, thank you to the administrative and technical staff, and students of the ECU Security Research Institute for their contributions to the running of the conference

Ambient intelligence in buildings : design and development of an interoperable Internet of Things platform

During many years, people and governments have been warned about the increasing levels of pollution and greenhouse gases (GHG) emissions that are endangering our lives on this planet. The Information and Communication Technology sector, usually known as the ICT sector, responsible for the computerization of the society, has been pinpointed as one of the most important sectors contributing to such a problem. Many efforts, however, have been put to shift the trend towards the utilization of renewable resources, such as wind or solar power. Even though governments have agreed to follow this path and avoid the usage of non-renewable energies, it is not enough. Although the ICT sector might seem an added problem due to the number of connected devices, technology improvements and hardware optimization enable new ways of fighting against global warming and GHG emissions. The aforementioned computerization has forced companies to evolve their work into a computer-assisted one. Due to this, companies are now forced to establish their main headquarters inside buildings for work coordination, connection and management. Due to this, buildings are becoming one of the most important issues regarding energy consumption. In order to cope with such problem, the Internet of Things (IoT) offers new paradigms and alternatives for leading the change. IoT is commonly defined as the network of physical and virtual objects that are capable of collecting surrounding data and exchanging it between them or through the Internet. Thanks to these networks, it is possible to monitor any thinkable metric inside buildings, and, then, utilize this information to build efficient automated systems, commonly known as Building Energy Management Systems (BEMS), capable of extracting conclusions on how to optimally and efficiently manage the resources of the building. ICT companies have foreseen this market opportunity that, paired with the appearance of smaller, efficient and more durable sensors, allows the development of efficient IoT systems. However, the lack of agreement and standardization creates chaos inside IoT, and the horizontal connectivity between such systems is still a challenge. Moreover, the vast amount of data to process requires the utilization of Big Data techniques to guarantee close to real-time responses. This thesis initially presents a standard Cloud-based IoT architecture that tries to cope with the aforementioned problems by employing a Cloud middleware that obfuscates the underlying hardware architecture and permits the aggregation of data from multiple heterogeneous sources. Also, sensor information is exposed to any third-party client after authentication. The utilization of automated IoT systems for managing building resources requires high reliability, resilience, and availability. The loss of sensor data is not permitted due to the negative consequences it might have, such as disruptive resource management. For this, it is mandatory to grant backup options to sensor networks in order to guarantee correct functioning in case of partial network disconnections. Additionally, the placement of the sensors inside the building must guarantee minimal energy consumption while fulfilling sensing requirements. Finally, a building resource management use case is presented by means of a simulation tool. The tool draws on occupants' probabilistic models and environmental condition models for actuating upon building elements to ensure optimal and efficient functioning. Occupants' comfort is also taken into consideration and the trade-off between the two metrics is studied. All the presented work is meant to deliver insights and tools for current and future IoT system implementations by setting the basis for standardization agreements yet to happen.Durant molts anys, s'ha alertat a la població i als governs sobre l'increment en els nivells de pol·lució i d'emissió de gasos d'efecte hivernacle, que estan posant en perill la nostra vida a la Terra. El sector de les Tecnologies de la Informació i Comunicació, normalment conegut com les TIC, responsable de la informatització de la societat, ha estat senyalat com un dels sectors més importants encarregat d'agreujar tal problema. Però, molt esforç s'està posant per revertir aquesta situació mitjançant l'ús de recursos renovables, com l'energia eòlica o solar. Tot i que els governs han acordat seguir dit camí i evitar l'ús d'energia no renovable tant com sigui possible, no és suficient per erradicar el problema. Encara que el sector de les TIC pugui semblar un problema afegit donada la gran quantitat i l'increment de dispositius connectats, les millores en tecnologia i en hardware estan habilitant noves maneres de lluitar contra l'escalfament global i l'emissió de gasos d'efecte hivernacle. La informatització, anteriorment mencionada, ha forçat a les empreses a evolucionar el seu model de negoci cap a un més enfocat a la utilització de xarxes d'ordinadors per gestionar els seus recursos. Per això, dites companyies s'estan veient forçades a establir les seves seus centrals dintre d'edificis, per tenir un major control sobre la coordinació, connexió i maneig dels seus recursos. Això està provocant un augment en el consum energètic dels edificis, que s'estan convertint en un dels principals problemes. Per poder fer front al problema, la Internet de les Coses o Internet of Things (IoT) ofereix nous paradigmes i alternatives per liderar el canvi. IoT es defineix com la xarxa d'objectes físics i virtuals, capaços de recol·lectar la informació per construir sistemes automatitzats, coneguts com a Sistemes de Gestió Energètica per Edificis, capaços d'extreure conclusions sobre com utilitzar de manera eficient i òptima els recursos de l'edifici. Companyies pertanyents a les TIC han previst aquesta oportunitat de mercat que, en sincronia amb l'aparició de sensors més petits, eficients i duradors, permeten el desenvolupament de sistemes IoT eficients. Però, la falta d'acord en quant a l'estandardització de dits sistemes està creant un escenari caòtic, ja que s'està fent impossible la connectivitat horitzontal entre dits sistemes. A més, la gran quantitat de dades a processar requereix la utilització de tècniques de Big Data per poder garantir respostes en temps acceptables. Aquesta tesi presenta, inicialment, una arquitectura IoT estàndard basada en la Neu, que tracta de fer front als problemes anteriorment presentats mitjançant l'ús d'un middleware allotjat a la Neu que ofusca l'arquitectura hardware subjacent i permet l'agregació de la informació originada des de múltiples fonts heterogènies. A més, la informació dels sensors s'exposa perquè qualsevol client de tercers pugui consultar-la, després d'haver-se autenticat. La utilització de sistemes IoT automatitzats per gestionar els recursos dels edificis requereix un alt nivell de fiabilitat, resistència i disponibilitat. La perduda d'informació no està permesa degut a les conseqüències negatives que podría suposar, com una mala presa de decisions. Per això, és obligatori atorgar opcions de backup a les xarxes de sensors per garantir un correcte funcionament inclús quan es produeixen desconnexions parcials de la xarxa. Addicionalment, la col·locació dels sensors dintre de l'edifici ha de garantir un consum energètic mínim dintre de les restriccions de desplegament imposades. Finalment, presentem un cas d'ús d'un Sistema de Gestió Energètica per Edificis mitjançant una eina de simulació. Dita eina utilitza com informació d'entrada models probabilístics sobre les accions dels ocupants i models sobre la condició ambiental per actuar sobre els elements de l'edifici i garantir un funcionament òptim i eficient. A més, el confort dels ocupants també es considera com mètrica a optimitzar. Donada la impossibilitat d’optimitzar les dues mètriques de manera conjunta, aquesta tesi també presenta un estudi sobre el trade-off que existeix entre elles. Tot el treball presentat està pensat per atorgar idees i eines pels sistemes IoT actuals i futurs, i assentar les bases per l’estandardització que encara està per arribar.Durante muchos años, se ha alertado a la población y a los gobiernos acerca del incremento en los niveles de polución y de emisión de gases de efecto invernadero, que están poniendo en peligro nuestra vida en la Tierra. El sector de las Tecnologías de la Información y Comunicación, normalmente conocido como las TIC, responsable de la informatización de la sociedad, ha sido señalada como uno de los sectores más importantes encargado de agravar tal problema. Sin embargo, mucho esfuerzo se está poniendo para revertir esta situación mediante el uso de recursos renovables, como la energía eólica o solar. A pesar de que los gobiernos han acordado seguir dicho camino y evitar el uso de energía no renovable tanto como sea posible, no es suficiente para erradicar el problema. Aunque el sector de las TIC pueda parecer un problema añadido dada la gran cantidad y el incremento de dispositivos conectados, las mejoras en tecnología y en hardware están habilitando nuevas maneras de luchar contra el calentamiento global y la emisión de gases de efecto invernadero. Durante las últimas décadas, compañías del sector público y privado conscientes del problema han centrado sus esfuerzos en la creación de soluciones orientadas a la eficiencia energética tanto a nivel de hardware como de software. Las nuevas redes troncales están siendo creadas con dispositivos eficientes y los proveedores de servicios de Internet tienden a crear sistemas conscientes de la energía para su optimización dentro de su dominio. Siguiendo esta tendencia, cualquier nuevo sistema creado y añadido a la red debe garantizar un cierto nivel de conciencia y un manejo óptimo de los recursos que utiliza. La informatización, anteriormente mencionada, ha forzado a las empresas a evolucionar su modelo de negocio hacia uno más enfocado en la utilización de redes de ordenadores para gestionar sus recursos. Por eso, dichas compañías se están viendo forzadas a establecer sus sedes centrales dentro de edificios, para tener un mayor control sobre la coordinación, conexión y manejo de sus recursos. Esto está provocando un aumento en el consumo energético de los edificios, que se están convirtiendo en uno de los principales problemas. Para poder hacer frente al problema, el Internet de las Cosas o Internet of Things (IoT) ofrece nuevos paradigmas y alternativas para liderar el cambio. IoT se define como la red de objetos físicos y virtuales, capaces de recolectar la información del entorno e intercambiarla entre los propios objetos o a través de Internet. Gracias a estas redes, es posible monitorizar cualquier métrica que podamos imaginar dentro de un edificio, y, después, utilizar dicha información para construir sistemas automatizados, conocidos como Sistemas de Gestión Energética para Edificios, capaces de extraer conclusiones sobre cómo utilizar de manera eficiente y óptima los recursos del edificio. Compañías pertenecientes a las TIC han previsto esta oportunidad de mercado que, en sincronía con la aparición de sensores más pequeños, eficientes y duraderos, permite el desarrollo de sistemas IoT eficientes. Sin embargo, la falta de acuerdo en cuanto a la estandarización de dichos sistemas está creando un escenario caótico, ya que se hace imposible la conectividad horizontal entre dichos sistemas. Además, la gran cantidad de datos a procesar requiere la utilización de técnicas de Big Data para poder garantizar respuestas en tiempos aceptables. Esta tesis presenta, inicialmente, una arquitectura IoT estándar basada en la Nube que trata de hacer frente a los problemas anteriormente presentados mediante el uso de un middleware alojado en la Nube que ofusca la arquitectura hardware subyacente y permite la agregación de la información originada des de múltiples fuentes heterogéneas. Además, la información de los sensores se expone para que cualquier cliente de terceros pueda consultarla, después de haberse autenticado. La utilización de sistemas IoT automatizados para manejar los recursos de los edificios requiere un alto nivel de fiabilidad, resistencia y disponibilidad. La pérdida de información no está permitida debido a las consecuencias negativas que podría suponer, como una mala toma de decisiones. Por eso, es obligatorio otorgar opciones de backup a las redes de sensores para garantizar su correcto funcionamiento incluso cuando se producen desconexiones parciales de la red. Adicionalmente, la colocación de los sensores dentro del edificio debe garantizar un consumo energético mínimo dentro de las restricciones de despliegue impuestas. En esta tesis, mejoramos el problema de colocación de los sensores para redes heterogéneas de sensores inalámbricos añadiendo restricciones de clustering o agrupamiento, para asegurar que cada tipo de sensor es capaz de obtener su métrica correspondiente, y restricciones de protección mediante la habilitación de rutas de transmisión secundarias. En cuanto a grandes redes homogéneas de sensores inalámbricos, esta tesis estudia aumentar su resiliencia mediante la identificación de los sensores más críticos. Finalmente, presentamos un caso de uso de un Sistema de Gestión Energética para Edificios mediante una herramienta de simulación. Dicha herramienta utiliza como información de entrada modelos probabilísticos sobre las acciones de los ocupantes y modelos sobre la condición ambiental para actuar sobre los elementos del edificio y garantizar un funcionamiento óptimo y eficiente. Además, el comfort de los ocupantes también se considera como métrica a optimizar. Dada la imposibilidad de optimizar las dos métricas de manera conjunta, esta tesis también presenta un estudio sobre el trade-off que existe entre ellas. Todo el trabajo presentado está pensado para otorgar ideas y herramientas para los sistemas IoT actuales y futuros, y asentar las bases para la estandarización que todavía está por llegar.Postprint (published version

Key Generation for Internet of Things: A Contemporary Survey

Key generation is a promising technique to bootstrap secure communications for the Internet of Things (IoT) devices that have no prior knowledge between each other. In the past few years, a variety of key generation protocols and systems have been proposed. In this survey, we review and categorise recent key generation systems based on a novel taxonomy. Then, we provide both quantitative and qualitative comparisons of existing approaches. We also discuss the security vulnerabilities of key generation schemes and possible countermeasures. Finally, we discuss the current challenges and point out several potential research directions

Key Generation for Internet of Things

Key generation is a promising technique to bootstrap secure communications for the Internet of Things devices that have no prior knowledge between each other. In the past few years, a variety of key generation protocols and systems have been proposed. In this survey, we review and categorise recent key generation systems based on a novel taxonomy. Then, we provide both quantitative and qualitative comparisons of existing approaches. We also discuss the security vulnerabilities of key generation schemes and possible countermeasures. Finally, we discuss the current challenges and point out several potential research directions

Security and privacy for the internet of medical things enabled healthcare systems: a survey

With the increasing demands on quality healthcare and the raising cost of care, pervasive healthcare is considered as a technological solutions to address the global health issues. In particular, the recent advances in Internet of Things have led to the development of Internet of Medical Things (IoMT). Although such low cost and pervasive sensing devices could potentially transform the current reactive care to preventative care, the security and privacy issues of such sensing system are often overlooked. As the medical devices capture and process very sensitive personal health data, the devices and their associated communications have to be very secured to protect the user's privacy. However, the miniaturized IoMT devices have very limited computation power and fairly limited security schemes can be implemented in such devices. In addition, with the widespread use of IoMT devices, managing and ensuring the security of IoMT systems are very challenging and which are the major issues hindering the adoption of IoMT for clinical applications. In this paper, the security and privacy challenges, requirements, threats, and future research directions in the domain of IoMT are reviewed providing a general overview of the state-of-the-art approaches

Cognitive networking for next generation of cellular communication systems

This thesis presents a comprehensive study of cognitive networking for cellular networks with contributions that enable them to be more dynamic, agile, and efficient. To achieve this, machine learning (ML) algorithms, a subset of artificial intelligence, are employed to bring such cognition to cellular networks. More specifically, three major branches of ML, namely supervised, unsupervised, and reinforcement learning (RL), are utilised for various purposes: unsupervised learning is used for data clustering, while supervised learning is employed for predictions on future behaviours of networks/users. RL, on the other hand, is utilised for optimisation purposes due to its inherent characteristics of adaptability and requiring minimal knowledge of the environment. Energy optimisation, capacity enhancement, and spectrum access are identified as primary design challenges for cellular networks given that they are envisioned to play crucial roles for 5G and beyond due to the increased demand in the number of connected devices as well as data rates. Each design challenge and its corresponding proposed solution are discussed thoroughly in separate chapters. Regarding energy optimisation, a user-side energy consumption is investigated by considering Internet of things (IoT) networks. An RL based intelligent model, which jointly optimises the wireless connection type and data processing entity, is proposed. In particular, a Q-learning algorithm is developed, through which the energy consumption of an IoT device is minimised while keeping the requirement of the applications--in terms of response time and security--satisfied. The proposed methodology manages to result in 0% normalised joint cost--where all the considered metrics are combined--while the benchmarks performed 54.84% on average. Next, the energy consumption of radio access networks (RANs) is targeted, and a traffic-aware cell switching algorithm is designed to reduce the energy consumption of a RAN without compromising on the user quality-of-service (QoS). The proposed technique employs a SARSA algorithm with value function approximation, since the conventional RL methods struggle with solving problems with huge state spaces. The results reveal that up to 52% gain on the total energy consumption is achieved with the proposed technique, and the gain is observed to reduce when the scenario becomes more realistic. On the other hand, capacity enhancement is studied from two different perspectives, namely mobility management and unmanned aerial vehicle (UAV) assistance. Towards that end, a predictive handover (HO) mechanism is designed for mobility management in cellular networks by identifying two major issues of Markov chains based HO predictions. First, revisits--which are defined as a situation whereby a user visits the same cell more than once within the same day--are diagnosed as causing similar transition probabilities, which in turn increases the likelihood of making incorrect predictions. This problem is addressed with a structural change; i.e., rather than storing 2-D transition matrix, it is proposed to store 3-D one that also includes HO orders. The obtained results show that 3-D transition matrix is capable of reducing the HO signalling cost by up to 25.37%, which is observed to drop with increasing randomness level in the data set. Second, making a HO prediction with insufficient criteria is identified as another issue with the conventional Markov chains based predictors. Thus, a prediction confidence level is derived, such that there should be a lower bound to perform HO predictions, which are not always advantageous owing to the HO signalling cost incurred from incorrect predictions. The outcomes of the simulations confirm that the derived confidence level mechanism helps in improving the prediction accuracy by up to 8.23%. Furthermore, still considering capacity enhancement, a UAV assisted cellular networking is considered, and an unsupervised learning-based UAV positioning algorithm is presented. A comprehensive analysis is conducted on the impacts of the overlapping footprints of multiple UAVs, which are controlled by their altitudes. The developed k-means clustering based UAV positioning approach is shown to reduce the number of users in outage by up to 80.47% when compared to the benchmark symmetric deployment. Lastly, a QoS-aware dynamic spectrum access approach is developed in order to tackle challenges related to spectrum access, wherein all the aforementioned types of ML methods are employed. More specifically, by leveraging future traffic load predictions of radio access technologies (RATs) and Q-learning algorithm, a novel proactive spectrum sensing technique is introduced. As such, two different sensing strategies are developed; the first one focuses solely on sensing latency reduction, while the second one jointly optimises sensing latency and user requirements. In particular, the proposed Q-learning algorithm takes the future load predictions of the RATs and the requirements of secondary users--in terms of mobility and bandwidth--as inputs and directs the users to the spectrum of the optimum RAT to perform sensing. The strategy to be employed can be selected based on the needs of the applications, such that if the latency is the only concern, the first strategy should be selected due to the fact that the second strategy is computationally more demanding. However, by employing the second strategy, sensing latency is reduced while satisfying other user requirements. The simulation results demonstrate that, compared to random sensing, the first strategy decays the sensing latency by 85.25%, while the second strategy enhances the full-satisfaction rate, where both mobility and bandwidth requirements of the user are simultaneously satisfied, by 95.7%. Therefore, as it can be observed, three key design challenges of the next generation of cellular networks are identified and addressed via the concept of cognitive networking, providing a utilitarian tool for mobile network operators to plug into their systems. The proposed solutions can be generalised to various network scenarios owing to the sophisticated ML implementations, which renders the solutions both practical and sustainable

DevOps for Trustworthy Smart IoT Systems

ENACT is a research project funded by the European Commission under its H2020 program. The project consortium consists of twelve industry and research member organisations spread across the whole EU. The overall goal of the ENACT project was to provide a novel set of solutions to enable DevOps in the realm of trustworthy Smart IoT Systems. Smart IoT Systems (SIS) are complex systems involving not only sensors but also actuators with control loops distributed all across the IoT, Edge and Cloud infrastructure. Since smart IoT systems typically operate in a changing and often unpredictable environment, the ability of these systems to continuously evolve and adapt to their new environment is decisive to ensure and increase their trustworthiness, quality and user experience. DevOps has established itself as a software development life-cycle model that encourages developers to continuously bring new features to the system under operation without sacrificing quality. This book reports on the ENACT work to empower the development and operation as well as the continuous and agile evolution of SIS, which is necessary to adapt the system to changes in its environment, such as newly appearing trustworthiness threats

An overview of memristive cryptography

Smaller, smarter and faster edge devices in the Internet of things era demands secure data analysis and transmission under resource constraints of hardware architecture. Lightweight cryptography on edge hardware is an emerging topic that is essential to ensure data security in near-sensor computing systems such as mobiles, drones, smart cameras, and wearables. In this article, the current state of memristive cryptography is placed in the context of lightweight hardware cryptography. The paper provides a brief overview of the traditional hardware lightweight cryptography and cryptanalysis approaches. The contrast for memristive cryptography with respect to traditional approaches is evident through this article, and need to develop a more concrete approach to developing memristive cryptanalysis to test memristive cryptographic approaches is highlighted.Comment: European Physical Journal: Special Topics, Special Issue on "Memristor-based systems: Nonlinearity, dynamics and applicatio

An intelligent multimodal biometric authentication model for personalised healthcare services

With the advent of modern technologies, the healthcare industry is moving towards a more personalised smart care model. The enablers of such care models are the Internet of Things (IoT) and Artificial Intelligence (AI). These technologies collect and analyse data from persons in care to alert relevant parties if any anomaly is detected in a patient’s regular pattern. However, such reliance on IoT devices to capture continuous data extends the attack surfaces and demands high-security measures. Both patients and devices need to be authenticated to mitigate a large number of attack vectors. The biometric authentication method has been seen as a promising technique in these scenarios. To this end, this paper proposes an AI-based multimodal biometric authentication model for single and group-based users’ device-level authentication that increases protection against the traditional single modal approach. To test the efficacy of the proposed model, a series of AI models are trained and tested using physiological biometric features such as ECG (Electrocardiogram) and PPG (Photoplethysmography) signals from five public datasets available in Physionet and Mendeley data repositories. The multimodal fusion authentication model shows promising results with 99.8% accuracy and an Equal Error Rate (EER) of 0.16