Yee Wei Law

University of Melbourne, Melbourne, Victoria, Australia

Are you Yee Wei Law?

Claim your profile

Publications (54)8.5 Total impact

  • [Show abstract] [Hide abstract]
    ABSTRACT: Multicasting refers to the transmission of a message to multiple receivers at the same time. To enable authentication of sporadic multicast messages, a conventional digital signature scheme is appropriate. To enable authentication of a multicast data stream, however, an authenticated multicast or multicast authentication (MA) scheme is necessary. An MA scheme can be constructed from a conventional digital signature scheme or a multiple-time signature (MTS) scheme. A number of MTS-based MA schemes have been proposed over the years. Here, we formally analyze four MA schemes, namely BiBa, TV-HORS, SCU+ and TSV+. Among these MA schemes, SCU+ is an MA scheme we constructed from an MTS scheme designed for secure code update, and TSV+ is our patched version of TSV, an MA scheme which we show to be vulnerable. Based on our simulation-validated analysis, which complements and at places rectifies or improves existing analyses, we compare the schemes' computational and communication efficiencies relative to their security levels. For numerical comparison of the schemes, we use parameters relevant for a smart (power) grid component called wide-area measurement system. Our comparison shows that TV-HORS, while algorithmically unsophisticated and not the best performer in all categories, is the most balanced performer. SCU+, TSV+ and by implication the schemes from which they are extended do not offer clear advantages over BiBa, the oldest among the schemes.
    Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security; 05/2013
  • Yee Wei Law, M. Palaniswami, G. Kounga, A. Lo
    [Show abstract] [Hide abstract]
    ABSTRACT: A wide-area measurement system (WAMS) is a system that provides a time-synchronized view of electrical conditions over a large geographical area, thereby enhancing the situational awareness of the energy management system of a power grid. With this enhanced situational awareness, utilities would be able to react promptly to contingencies, and prevent large-scale blackouts. To secure WAMS communications, we propose WAMS key management (WAKE), a comprehensive key management scheme targeting a concrete set of security objectives derived from NIST's security impact level ratings. For security objectives involving unicast, WAKE employs industry- standard security protocols. For security objectives involving multicast, we show the scheme standardized by the IEC is inadequate, and identify multicast authentication as a requirement. We investigate two recent multicast authentication schemes designed for power grid communications: TV-HORS and tunable signing and verification (TSV), which supposedly improves on TV-HORS. We show that TSV is vulnerable, and propose a patched version of TSV called TSV+. Systematic comparison of TV-HORS and TSV+ shows that TV-HORS provides significantly more efficient signing and verification for the same security level at the expense of signature size. Consequently, TV-HORS is chosen as part of WAKE for multicast authentication.
    IEEE Communications Magazine 01/2013; 51(1):34-41. · 3.66 Impact Factor
  • [Show abstract] [Hide abstract]
    ABSTRACT: Multi-hop over-the-air reprogramming is essential for the remote installation of software patches and upgrades in wireless sensor networks (WSNs). Recently, coding-based reprogramming protocols are proposed to address efficient code dissemination in environments with high packet loss rate. The problem of analyzing the performance of these protocols, however, has not been explored in the literature. In this paper, we present a high-fidelity analytical model based on Dijkstra's shortest path algorithm to measure the completion time of coding-based reprogramming protocols. Our model takes into account not only page pipelining and negotiation, but also coding computation. Results from extensive simulations of a representative coding-based reprogramming protocol called Rateless Deluge are in good agreement with the performance predicted by our model, thus validating our approach. Our analytical results show both the number of packets per page and the finite field size have significant impact on completion time. Most notably, the time overhead of coding computation exceeds that of communication when the number of packets per page is 24 and the finite field size is at least 24.
    Communications (ICC), 2013 IEEE International Conference on; 01/2013
  • [Show abstract] [Hide abstract]
    ABSTRACT: Internet of Things (IoT) is denned as interconnection of sensing and actuating devices providing the ability to share information across platforms through a unified framework, developing a common operating picture for enabling innovative applications. As the world urban population is set to cross unprecedented levels, adequate provision of services and infrastructure poses huge challenges. The emerging IoT that offers ubiquitous sensing and actuation can be utilized effectively for managing urban environments. In this paper, a new architecture for noise monitoring in urban environments is proposed. The architecture is scalable and applicable to other sensors required for city management. In addition to the architecture, a new noise monitoring hardware platform is reported and visualization of the data is presented. An emerging citizen centric participatory sensing is discussed in the context of noise monitoring.
    Advances in Computing, Communications and Informatics (ICACCI), 2013 International Conference on; 01/2013
  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: In a tree-based ZigBee network, ZigBee routers (ZRs) must schedule their beacon transmission time to avoid beacon collisions. The beacon schedule determines packet delivery latency from the end devices to the ZigBee coordinator at the root of the tree. Traditionally, beacon schedules are chosen such that a ZR does not reuse the beacon slots already claimed by its neighbors, or the neighbors of its neighbors. We observe, however, that beacon slots can be reused judiciously, especially when the risk of beacon collision caused by such reuse is low. The advantage of such reuse is that packet delivery latency can be reduced. We formalize our observation by proposing a node-pair classification scheme. Based on this scheme, we can easily assess the risk of slot reuse by a node pair. If the risk is high, slot reuse is disallowed; otherwise, slot reuse is allowed. This forms the essence of our ZigBee-compatible, distributed, risk-aware, probabilistic beacon scheduling algorithm. Simulation results show that on average the proposed algorithm produces a latency only 24 percent of that with conventional method, at the cost of 12 percent reduction in the fraction of associated nodes.
    IEEE Transactions on Mobile Computing 05/2012; · 2.40 Impact Factor
  • [Show abstract] [Hide abstract]
    ABSTRACT: A power grid has four segments: generation, transmission, distribution and demand. Until now, utilities have been focusing on streamlining their generation, transmission and distribution operations for energy efficiency. While loads have traditionally been a passive part of a grid, with rapid advances in ICT, demand-side technologies now play an increasingly important role in the energy efficiency of power grids. This paper starts by introducing the key concepts of demand-side management and demand-side load management. Classical demand-side management defines six load shape objectives, of which "peak clipping" and "load shifting" are most widely applicable and most relevant to energy efficiency. At present, the predominant demand-side management activity is demand response (DR). This paper surveys DR architectures, which are ICT architectures for enabling DR programs as well as load management. This paper also surveys load management solutions for responding to DR programs, in the form of load reduction and load shifting algorithms. A taxonomy for "group load shifting" is proposed. Research challenges and opportunities are identified and linked to ambient intelligence, wireless sensor networks, nonintrusive load monitoring, virtual power plants, etc.
    Knowledge, Information and Creativity Support Systems (KICSS), 2012 Seventh International Conference on; 01/2012
  • [Show abstract] [Hide abstract]
    ABSTRACT: OpenFlow has been envisioned as a promising approach to next-generation programmable and easy-to-manage networks. However, the inherent heavy switch-controller communications in OpenFlow may throttle controller responsiveness and, ultimately, network scalability. In this paper, we identify that a key cause of this problem lies in flow setup, and propose a Control-Message Quenching (CMQ) scheme to address it. CMQ requires minimal changes to OpenFlow, imposes no overhead on the central controller which is often the performance bottleneck, is lightweight and simple to implement. We show, via worst-case analysis and numerical results, an upper bound of performance improvement that CMQ can achieve, and evaluate the average performance via experiments using a widely-adopted prototyping system. Our experimental results demonstrate considerable enhancement of controller responsiveness and network scalability by using CMQ, with reduced flow setup latency and elevated network throughput.
    ICT Convergence (ICTC), 2012 International Conference on; 01/2012
  • Yee Wei Law, T. Alpcan, M. Palaniswami
    [Show abstract] [Hide abstract]
    ABSTRACT: Information and communication technologies bring significant improvements to power grid and help building a “smart grid”. At the same time, they cause novel vulnerabilities making the power grid, which is a critical infrastructure, susceptible to malicious cyber attacks such as false data injection. This paper develops a game-theoretic approach to smart grid security by combining quantitative risk concepts with decision making on protective measures. Specifically, the interaction between malicious attackers and grid defense systems is modeled as a security game, where the attackers choose the intensity of false data injection and defenders determine the detection threshold level. The consequences of data injection attacks are quantified using a risk assessment process based on realistic system simulations. The simulation results are used as an input to a stochastic game model, where the decisions on defensive measures are made taking into account resource constraints represented by cost values. Thus, security games provide a framework for choosing the best response strategies against attackers in order to minimize potential risks. The framework developed is also useful to analyse different types of attacks and defensive measures. The theoretical results obtained are demonstrated using numerical examples.
    Communication, Control, and Computing (Allerton), 2012 50th Annual Allerton Conference on; 01/2012
  • Yee Wei Law, Paul J. M. Havinga
    [Show abstract] [Hide abstract]
    ABSTRACT: The edited volume “Security and Dependability for Ambient Intelligence” is a comprehensive compilation of the research outcomes of the 3 year-long euro 7.8 million European Framework Programme 6 project SERENITY (FP6-IST-2006-27587). At a time when Stuxnet and large scale data breaches at PlayStation Network and RSA have taken over global news headlines, the need for a systematic approach to developing, deploying and dynamically configuring security solutions marks the timely arrival of this highly useful volume.
    JAISE. 01/2011; 3:373-374.
  • Yee Wei Law, Paul Havinga
    [Show abstract] [Hide abstract]
    ABSTRACT: The edited volume “Security and Dependability for Ambient Intelligence” is a comprehensive compilation of the research outcomes of the 3 year-long 7.8 million Euro European Framework Programme 6 project SERENITY (FP6-IST-2006-27587). At a time when Stuxnet and large scale data breaches at PlayStation Network and RSA have taken over global news headlines, the need for a systematic approach to developing, deploying and dynamically configuring security solutions marks the timely arrival of this highly useful volume.
    01/2011;
  • Source
    Zheng Gong, Svetla Nikova, Yee Wei Law
    [Show abstract] [Hide abstract]
    ABSTRACT: Resource-efficient cryptographic primitives become fundamental for realizing both security and efficiency in embedded systems like RFID tags and sensor nodes. Among those primitives, lightweight block cipher plays a major role as a building block for security protocols. In this paper, we describe a new family of lightweight block ciphers named KLEIN, which is designed for resource-constrained devices such as wireless sensors and RFID tags. Compared to the related proposals, KLEIN has advantage in the software performance on legacy sensor platforms, while in the same time its hardware implementation can also be compact.
    RFID. Security and Privacy - 7th International Workshop, RFIDSec 2011, Amherst, USA, June 26-28, 2011, Revised Selected Papers; 01/2011
  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: The constrained resources of sensors restrict the design of a key management scheme for wireless sensor networks (WSNs). In this work, we first formalize the security model of ALwEN, which is a gossip-based wireless medical sensor network (WMSN) for ambient assisted living. Our security model considers the node capture, the gossip-based network and the revocation problems, which should be valuable for ALwEN-like applications. Based on Shamir's secret sharing technique, we then propose two key management schemes for ALwEN, namely the KALwEN+ schemes, which are proven with the security properties defined in the security model. The KALwEN+ schemes not only fit ALwEN, but also can be tailored to other scalable wireless sensor networks based on gossiping.
    01/2011;
  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: Key management is the pillar of a security architecture. Body sensor networks (BSNs) pose several challenges-some inherited from wireless sensor networks (WSNs), some unique to themselves-that require a new key management scheme to be tailor-made. The challenge is taken on, and the result is KALwEN, a new parameterized key management scheme that combines the best-suited cryptographic techniques in a seamless framework. KALwEN is user-friendly in the sense that it requires no expert knowledge of a user, and instead only requires a user to follow a simple set of instructions when bootstrapping or extending a network. One of KALwEN's key features is that it allows sensor devices from different manufacturers, which expectedly do not have any pre-shared secret, to establish secure communications with each other. KALwEN is decentralized, such that it does not rely on the availability of a local processing unit (LPU). KALwEN supports secure global broadcast, local broadcast, and local (neighbor-to-neighbor) unicast, while preserving past key secrecy and future key secrecy (FKS). The fact that the cryptographic protocols of KALwEN have been formally verified also makes a convincing case. With both formal verification and experimental evaluation, our results should appeal to theorists and practitioners alike.
    Security and Communication Networks 01/2011; 4:1309-1329. · 0.43 Impact Factor
  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: A network reprogramming protocol is made for updating the firmware of a wireless sensor network (WSN) in situ. For security reasons, every firmware update must be authenticated to prevent an attacker from installing its code in the network.While existing schemes can provide authentication services, they are insufficient for a new generation of network coding-based reprogramming protocols like Rateless Deluge. We propose Secure Rateless Deluge or Sreluge, a secure version of Rateless Deluge that is resistant to pollution attacks (denial-of-service attacks aimed at polluting encoded packets). Sreluge employs a neighbor classification system and a time series forecasting technique to isolate polluters, and a combinatorial technique to decode data packets in the presence of polluters before the isolation is complete. For detecting polluters, Sreluge has zero false negative rate and a negligible false positive rate. TOSSIM simulations and experimental results show that Sreluge is practical.
    EURASIP Journal on Wireless Communications and Networking. 01/2011;
  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: Proportional, TCP friendly (minimum potential delay) and max-min fairness are three most commonly used fairness criteria for resource allocation in communication networks. In this paper, we generalize the above fairness criteria in terms of utility and study the resource allocation problem for heterogeneous networks where contending users may have different Quality of Services (QoS) requirements and the utility functions may not necessarily satisfy the strict concavity condition, such as real-time applications. We propose a QoS based flow control algorithm and with different link price feedback mechanisms, utility weighted proportional, TCP friendly and max-min fairness is achieved in this unified approach. In addition, the new algorithm is not only suitable for elastic data traffic, but also capable of handling real-time applications, and therefore it can be treated as an efficient flow control mechanism to provide congestion control and QoS balance for Differentiated Services in the future Internet.
    Proceedings of IEEE International Conference on Communications, ICC 2010, Cape Town, South Africa, 23-27 May 2010; 01/2010
  • [Show abstract] [Hide abstract]
    ABSTRACT: A centralized self-localization algorithm is used to estimate sensor locations. From the known positions of at least 3 anchor nodes the remaining sensor positions are estimated using an efficient particle filter (PF) with progressive correction. The measurement model is a simple two-parameter log-normal shadowing model, where the parameters are estimated concurrently. Experiments using Crossbow Imote2 motes show that an error of less than 16% is achievable in an indoor environment. The results demonstrate that by using PF with progressive correction, a small number of measurements and a simple signal propagation model are sufficient to give low localization errors.
    Communications and Networking in China (CHINACOM), 2010 5th International ICST Conference on; 01/2010
  • Source
    A. Munari, W. Schott, Yee Wei Law
    [Show abstract] [Hide abstract]
    ABSTRACT: In this paper, we propose a novel dynamic routing strategy called tunnel routing that enables efficient and resilient data forwarding from sensors to a destination in wireless sensor networks. Instead of establishing a single static path, tunnel routing identifies a set of trusted sensor nodes that form a tunnel between the source and the destination. Terminals in the tunnel cooperate with each other to reliably route data and to defend against compromised nodes that may maliciously drop or re-direct packets. To achieve this, not only do sensor terminals forward data, but also they act as support nodes, providing on-demand retransmissions in order to combat channel fading, and initializing multi-path data forwarding towards the destination in case they detect a misbehavior of a forwarding node. Simulation results demonstrate the advantages of the proposed scheme.
    Personal, Indoor and Mobile Radio Communications, 2009 IEEE 20th International Symposium on; 10/2009
  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: For practical applications, wireless sensor networks (WSNs) with diverse sensor types and that run heterogenous applications are becoming increasingly important. Our motivation in this work is to, for this sort of heterogenous WSNs, devise a flow control and resource allocation algorithm (with respect to both wireless channel usage and sensor node energy), that allow data to be gathered in the fairest manner, while still respecting the needs of different sensing tasks. A two-layer hierarchical transport architecture is designed to guarantee a certain measure of optimality in rate allocation, addressing the balance between fairness and performance. In essence, utility max-min fairness is achieved among upper-layer cluster heads, whereas utility proportional fairness is achieved within each lower-layer cluster. The proposed architecture is to be applied to a real marine sensor network on the Great Barrier Reef.
    Intelligent Sensors, Sensor Networks and Information Processing, 2008. ISSNIP 2008. International Conference on; 01/2009
  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: Network reprogramming is a crucial service in wireless sensor networks (WSNs) that relies on epidemic strategy for spreading software updates by just having a local view of the networks. Securing the process of network reprogramming is essential in some certain WSNs applications, state-of-the-art secure network reprogramming protocols for WSNs aim for the efficient source authentication and integrity verification of code image, however, due to the resource constrains of WSNs, existing secure network reprogramming protocols are vulnerable to Denial of Service (DoS) attacks when sensor nodes can be compromised (insider DoS attacks). In this paper, we identify different types of DoS attacks exploiting the epidemic propagation strategies used by Deluge and propose corresponding analysis models to attempt to quantify the cost of these attacks damage. Simulation further shows the impact of insider DoS attacks on network reprogramming in WSNs.
    Proceedings of the Fifth International Conference on Information Assurance and Security, IAS 2009, Xi'An, China, 18-20 August 2009; 01/2009
  • Source
    TOSN. 01/2009; 5.

Publication Stats

543 Citations
8.50 Total Impact Points

Institutions

  • 2007–2013
    • University of Melbourne
      • Department of Electrical and Electronic Engineering
      Melbourne, Victoria, Australia
  • 2012
    • National University of Kaohsiung
      Kao-hsiung-shih, Kaohsiung, Taiwan
  • 2010
    • Northwestern Polytechnical University
      Xi’an, Liaoning, China
  • 2003–2009
    • Universiteit Twente
      • • Faculty of Electrical Engineering, Mathematics and Computer Science (EEMCS)
      • • Department of Computer Science
      Enschede, Provincie Overijssel, Netherlands
    • University of Rome Tor Vergata
      Roma, Latium, Italy