5 research outputs found

    A Survey of Access Control Models in Wireless Sensor Networks

    Get PDF
    Copyright 2014 by the authors; licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution license (http://creativecommons.org/licenses/by/3.0/)Wireless sensor networks (WSNs) have attracted considerable interest in the research community, because of their wide range of applications. However, due to the distributed nature of WSNs and their deployment in remote areas, these networks are vulnerable to numerous security threats that can adversely affect their proper functioning. Resource constraints in sensor nodes mean that security mechanisms with a large overhead of computation and communication are impractical to use in WSNs; security in sensor networks is, therefore, a challenge. Access control is a critical security service that offers the appropriate access privileges to legitimate users and prevents illegitimate users from unauthorized access. However, access control has not received much attention in the context of WSNs. This paper provides an overview of security threats and attacks, outlines the security requirements and presents a state-of-the-art survey on access control models, including a comparison and evaluation based on their characteristics in WSNs. Potential challenging issues for access control schemes in WSNs are also discussed.Peer reviewe

    A Trust-Based Adaptive Access Control Model for Wireless Sensor Networks

    Get PDF
    Wireless Sensor Networks (WSNs) have recently attracted much interest in the research community because of their wide range of applications. One emerging application for WSNs involves their use in healthcare where they are generally termed Wireless Medical Sensor Networks (WMSNs). In a hospital, fitting patients with tiny, wearable, wireless vital sign sensors would allow doctors, nurses and others to continuously monitor the state of those in their care. In the healthcare industry, patients are expected to be treated in reasonable time and any loss in data availability can result in further decline in the patient’s condition or can even lead to death. Therefore, the availability of data is more important than security concerns. The overwhelming priority is to take care of the patient, but the privacy and confidentiality of that patient’s medical records cannot be neglected. In current healthcare applications, there are many problems concerning security policy violations such as unauthorised denial of use, unauthorised information modification and unauthorised information release of medical data in the real world environment. Current WSN access control models used the traditional Role-Based Access Control (RBAC) or cryptographic methods for data access control but the systems still need to predefine attributes, roles and policies before deployment. It is, however, difficult to determine in advance all the possible needs for access in real world applications because there may be unanticipated situations at any time. This research proceeds to study possible approaches to address the above issues and to develop a new access control model to fill the gaps in work done by the WSN research community. Firstly, the adaptive access control model is proposed and developed based on the concept of discretionary overriding to address the data availability issue. In the healthcare industry, there are many problems concerning unauthorised information release. So, we extended the adaptive access control model with a prevention and detection mechanism to detect security policy violations, and added the concept of obligation to take a course of action when a restricted access is granted or denied. However, this approach does not consider privacy of patients’ information because data availability is prioritised. To address the conflict between data availability and data privacy, this research proposed the Trust-based Adaptive Access Control (TBA2C) model that integrates the concept of trust into the previous model. A simple user behaviour trust model is developed to calculate the behaviour trust value which measures the trustworthiness of the users and that is used as one of the defined thresholds to override access policy for data availability purpose, but the framework of the TBA2C model can be adapted with other trust models in the research community. The trust model can also protect data privacy because only a user who satisfies the relevant trust threshold can get restricted access in emergency and unanticipated situations. Moreover, the introduction of trust values in the enforcement of authorisation decisions can detect abnormal data access even from authorised users. Ponder2 is used to develop the TBA2C model gradually, starting from a simple access control model to the full TBA2C. In Ponder2, a Self-Managed Cell (SMC) simulates a sensor node with the TBA2C engine inside it. Additionally, to enable a full comparison with the proposed TBA2C model, the Break-The-Glass Role Based Access Control (BTGRBAC) model is redesigned and developed in the same platform (Ponder2). The proposed TBA2C model is the first to realise a flexible access control engine and to address the conflict between data availability and data privacy by combining the concepts of discretionary overriding, the user behaviour trust model, and the prevention and detection mechanism

    BTG-AC: Break-The-Glass Access Control Model for Medical Data in Wireless Sensor Networks

    Get PDF
    This article has been accepted for publication in IEEE Journal of Biomedical and Health Informatics following peer review. Available online at doi:10.1109/JBHI.2015.2510403.Wireless sensor networks (WSNs) have recently attracted much interest in the research community because of their wide range of applications. An emerging application for WSNs involves their use in healthcare where they are generally termed wireless medical sensor networks. In a hospital, outfitting every patient with tiny, wearable, wireless vital sign sensors would allow doctors, nurses, and other caregivers to continuously monitor the state of their patients. In such a scenario, patients are expected to be treated in reasonable time, so an access control model is needed, which will provide both real-time access to comprehensive medical records and detect unauthorized access to sensitive data. In emergency situations, a doctor or nurse needs to access data immediately. The loss in data availability can result in further decline in the patient's condition or can even lead to death. Therefore, the availability of data is more important than any security concern in emergency situations. To address that research issue for medical data in WSNs, we propose the break-the-glass access control (BTG-AC) model that is a modified and redesigned version of the break-the-glass role-based access control (BTG-RBAC) model to address data availability issue and to detect the security policy violations from both authorized and unauthorized users. Several changes within the access control engine are made in BTG-RBAC in order to make the new BTG-AC to apply and fit in WSNs. This paper presents the detailed design and development of the BTG-AC model based on a healthcare scenario. The evaluation results show that the concepts of BTG, prevention and detection mechanism, and obligation provide more flexible access than other current access control models in WSNs. Additionally, we compare the BTG-AC model with an adaptive access control (A2C) model, which has similar properties, for further evaluation. Alongside with the comparison, the advantages and disadvantages of BTG-AC over current WSN access control models are presented.Peer reviewe

    Successful Operational Cyber Security Strategies for Small Businesses

    Get PDF
    Cybercriminals threaten strategic and efficient use of the Internet within the business environment. Each year, cybercrimes in the United States cost business leaders approximately 6billion,andglobally,6 billion, and globally, 445 billion. The purpose of this multiple case study was to explore the operational strategies chief information security officers of high-technology companies used to protect their businesses from cyberattacks. Organizational learning theory was the conceptual framework for the study. The population of the study was 3 high-technology business owners operating in Florida who have Internet expertise and successfully protected their businesses from cyberattacks. Member checking and methodological triangulation were used to valid the data gathered through semistructured interviews, a review of company websites, and social media pages. Data were analyzed using thematic analysis, which supported the identification of 4 themes: effective leadership, cybersecurity awareness, reliance on third-party vendors, and cybersecurity training. The implications of this study for positive social change include a safe and secure environment for conducting electronic transactions, which may result in increased business and consumer confidence strengthened by the protection of personal and confidential information. The creation and sustainability of a safe Internet environment may lead to increased usage and trust in online business activities, leading to greater online business through consumer confidence and communication
    corecore