Engineering Trusted Location Services and Context-aware Augmentations for Network Authorization Models
Context-aware computing has been a rapidly growing research area; however, its uses have been predominantly targeted at pervasive applications for smart spaces such as smart homes and workplaces. This research has investigated the use of location and other context data in access control policy, with the purpose of augmenting existing IP and application-layer security to provide fine-grained access control and effective enforcement of security policy. The use of location and other context data for security purposes requires that the technologies and methods used for acquiring the context data are trusted.
This thesis begins with the description of a framework for the analysis of location systems for use in security services and critical infrastructure. This analysis classifies cooperative location systems by their modes of operation and the common primitives they are composed of. Common location systems are analyzed for inherent security flaws and limitations based on the vulnerability assessment of location system primitives and the taxonomy of known attacks.
An efficient scheme for supporting trusted differential GPS corrections is proposed, such that DGPS vulnerabilities that have been identified are mitigated. The proposal augments the existing broadcast messaging protocol with a number of new messages facilitating origin authentication and integrity of broadcast corrections for marine vessels.
A proposal for a trusted location system based on GSM is presented, in which a model for tamper resistant location determination using GSM signaling is designed. A protocol for association of a user to a cell phone is proposed and demonstrated in a framework for both Web and Wireless Application Protocol (WAP) applications. After introducing the security issues of existing location systems and a trusted location system proposal, the focus of the thesis changes to the use of location data in authorization and access control processes. This is considered at both the IP-layer and the application-layer.
For IP-layer security, a proposal for location proximity-based network packet filtering in IEEE 802.11 Wireless LANs is presented. This proposal details an architecture that extends the Linux netfilter system to support proximity-based packet filtering, using methods of transparent location determination through the application of a pathloss model to raw signal measurements.
Our investigation of application-layer security resulted in the establishment of a set of requirements for the use of contextual information in application level authorization. Existing network authentication protocols and access control mechanisms are analyzed for their ability to fulfill these requirements and their suitability in facilitating context-aware authorization. The result is the design and development of a new context-aware authorization architecture, using the proposed modifications to Role-based Access Control (RBAC). One of the distinguishing characteristics of the proposed architecture is its ability to handle authorization with context-transparency, and provide support for real-time granting and revocation of permissions.
During the investigation of the context-aware authorization architecture, other security contexts in addition to host location were found to be useful in application level authorization. These included network topology between the host and application server, the security of the host and the host execution environment. Details of the prototype implementation, performance results, and context acquisition services are presented.
An autonomous GNSS anti-spoofing technique
In recent years, the problem of Position, Navigation and Timing (PNT) resiliency has received significant attention due to an increasing awareness of threats and the vulnerability of the current GNSS signals. Several proposed solutions make use of cryptography to protect against spoofing. A limitation of cryptographic techniques is that they introduce a communication and processing computation overhead and may impact the performance in terms of availability and continuity for GNSS users. This paper introduces autonomous non-cryptographic anti-spoofing mechanisms that exploit semi-codeless receiver techniques to detect spoofing for signals with a component making use of spreading code encryption.
Evaluating the security of one-way key chains in TESLA-based GNSS navigation message authentication schemes
In the proposals for Global Navigation Satellite Systems (GNSS) Navigation Message Authentication (NMA) that are based on adapting the Timed Efficient Stream Loss-Tolerant Authentication (TESLA) protocol, the length of the one-time keys is limited (e.g. to 80 bits) by the low transmission rate. As a consequence, the hash function that is used to build the one-way key chain is constructed having a longer, secure hash function (e.g. SHA-256), preceded by a time-varying yet deterministic padding of the input and followed by a truncation of the output. We evaluate the impact of this construction on the collision resistance of the resulting hash function and of the whole chain, and show that with current proposed parameters, combined with the use of efficient hashing hardware, it can lead to a feasible attack with significant collision probability. The collision can be leveraged to mount a long-lasting spoofing attack, where the victim receiver accepts all the one-time keys and the navigation messages transmitted by the attacker as authentic. We conclude by suggesting possible modifications to make TESLA-based NMA more robust to such attacks.
Making the case for low cost railway level crossings [poster abstract]
This paper discusses the challenges of making a case for the adoption of low cost railway level crossings in Australia. Several issues are discussed in this paper including legal issues associated with the treatment of low-exposure passive crossings with low cost level crossing warning devices (LCLCWDs); principles of operation and deployment for LCLCWDs; and technical and human factors aspects of safety and availability. The Cooperative Research Centre (CRC) for Rail Innovation’s affordable level crossings project aims to address a number of these technical and human factors issues through research and field trials
Specification & design of safety technologies for complex socio-technical systems : low-cost level crossings case study
The introduction of safety technologies into complex socio-technical systems requires an integrated and holistic approach to HF and engineering, considering the effects of failures not only within system boundaries, but also at the interfaces with other systems and humans. Level crossing warning devices are examples of such systems where technically safe states within the system boundary can influence road user performance, giving rise to other hazards that degrade safety of the system. Chris will discuss the challenges that have been encountered to date in developing a safety argument in support of low-cost level crossing warning devices. The design and failure modes of level crossing warning devices are known to have a significant influence on road user performance; however, quantifying this effect is one of the ongoing challenges in determining appropriate reliability and availability targets for low-cost level crossing warning devices
Low cost railway level crossings
The Cooperative Research Centre (CRC) for Rail Innovation is conducting a tranche of industry-led research projects looking into safer rail level crossings. This paper will provide an overview of the Affordable Level Crossings project, a project that is performing research in both engineering and human factors aspects of low-cost level crossing warning devices (LCLCWDs), and is facilitating a comparative trial of these devices over a period of 12 months in several jurisdictions.
Low-cost level crossing warning devices (LCLCWDs) are characterised by the use of alternative technologies for high cost components including train detection and connectivity (e.g. radar, acoustic, magnetic induction train detection systems and wireless connectivity replacing traditional track circuits and wiring). These devices often make use of solar power where mains power is not available, and aim to make substantial savings in lifecycle costs.
The project involves trialling low-cost level crossing warning devices in shadow-mode, where devices are installed without the road-user interface at a number of existing level crossing sites that are already equipped with conventional active warning systems.
It may be possible that the deployment of lower-cost devices can provide a significantly larger safety benefit over the network than a deployment of expensive conventional devices, as the lower cost would allow more passive level crossing sites to be upgraded with the same capital investment. The project will investigate reliability and safety integrity issues of the low-cost devices, as well as evaluate lifecycle costs and investigate human factors issues related to warning reliability. This paper will focus on the requirements and safety issues of LCLCWDs, and will provide an overview of the Rail CRC projects.
A spoofing detection method for civilian L1 GPS and the E1-B Galileo Safety of Life service
This paper describes an effective method for signal-authentication and spoofing detection for civilian GNSS receivers using the GPS L1 C/A and the Galileo E1-B Safety of Life service. The paper discusses various spoofing attack profiles and how the proposed method is able to detect these attacks. This method is relatively low-cost and can be suitable for numerous mass-market applications. This paper is the subject of a pending patent
Towards the adoption of low-cost rail level crossing warning devices in regional areas of Australia : a review of current technologies and reliability issues
This paper discusses major obstacles for the adoption of low cost level crossing warning devices (LCLCWDs) in Australia and reviews those trialed in Australia and internationally. The argument for the use of LCLCWDs is that for a given investment, more passive level crossings can be treated, therefore increasing safety benefits across the rail network. This approach, in theory, reduces risk across the network by utilizing a combination of low-cost and conventional level crossing interventions, similar to what is done in the road environment. This paper concludes that in order to determine if this approach can produce better safety outcomes than the current approach, involving the incremental upgrade of level crossings with conventional interventions, it is necessary to perform rigorous risk assessments and cost-benefit analyses of LCLCWDs. Further research is also needed to determine how best to differentiate less reliable LCLCWDs from conventional warning devices through the use of different warning signs and signals. This paper presents a strategy for progressing research and development of LCLCWDs and details how the Cooperative Research Centre (CRC) for Rail Innovation is fulfilling this strategy through the current and future affordable level crossing projects.
Application of pneumatic tubes to evaluate driver behavior and interventions at low traffic railway level crossings
The recent development of new technologies has attracted the interest of the rail industry as a way to increase driver awareness at railway level crossings by providing new ways to display information to drivers as they approach crossings. While such ideas have been predominantly trialed in driving simulators, there is a growing interest for live trials of such interventions on the road. While most studies have demonstrated that errors or violations on the part of the road user are the largest contributor to level crossing crashes, the understanding of driver behavior at level crossings is poorly understood due to the limited number, focus and period of time of studies conducted at level crossings. This highlights the lack of manageable methods for studying driver behavior at level crossings on a long term basis in naturalistic conditions, particularly for passive level crossings, which are often located in remote areas. We propose a new, practical and affordable application of pneumatic tubes to evaluate over the long term both the compliance of drivers at level crossings and their speed during the approach of level crossing with low road traffic volume. We tested our methodology at two railway level crossings in the Brisbane region and recorded over 10,000 vehicle movements for each site during a 5-month observation.
A Novel Navigation Message Authentication Scheme for GNSS Open Service
This paper focuses on Navigation Message Authentication (NMA) for GNSS, a message-level authentication capability that aims at providing assurance of authenticity and cryptographic integrity of the navigation message. In designing a NMA scheme, there is an inevitable trade-off among security, resources (e.g. bandwidth and computational power), and performance (e.g. time to authentication of navigation message and authentication error rate). Other requirements may come from the channel dissemination performance (especially in harsh environments) and the complexity of key management. In this paper, we propose a novel NMA scheme that attempts to amortize the resources typically required for digital signatures by using a one-way chain of authentication tags of the message itself, rather than a chain of delayed keys as in TESLA based proposals. We show that this new paradigm in chaining implementation can offer significant improvements to NMA in terms of flexibility, security and performance. Indeed, all such metrics will be evaluated, compared with alternative proposals and discussed