336 results for Distinguishing Attack
Abstract:
Fusion techniques can be used in biometrics to achieve higher accuracy. When biometric systems are in operation and the threat level changes, controlling the trade-off between detection error rates can reduce the impact of an attack. In a fused system, varying a single threshold does not allow this to be achieved, but systematic adjustment of a set of parameters does. In this paper, fused decisions from a multi-part, multi-sample sequential architecture are investigated for that purpose in an iris recognition system. A specific implementation of the multi-part architecture is proposed and the effect of the number of parts and samples in the resultant detection error rate is analysed. The effectiveness of the proposed architecture is then evaluated under two specific cases of obfuscation attack: miosis and mydriasis. Results show that robustness to such obfuscation attacks is achieved, since lower error rates than in the case of the non-fused base system are obtained.
Abstract:
Global awareness for cleaner and renewable energy is transforming the electricity sector at many levels. New technologies are being increasingly integrated into the electricity grid at high, medium and low voltage levels, new taxes on carbon emissions are being introduced and individuals can now produce electricity, mainly through rooftop photovoltaic (PV) systems. While leading to improvements, these changes also introduce challenges, and a question that often rises is ‘how can we manage this constantly evolving grid?’ The Queensland Government and Ergon Energy, one of the two Queensland distribution companies, have partnered with some Australian and German universities on a project to answer this question in a holistic manner. The project investigates the impact the integration of renewables and other new technologies has on the physical structure of the grid, and how this evolving system can be managed in a sustainable and economical manner. To aid understanding of what the future might bring, a software platform has been developed that integrates two modelling techniques: agent-based modelling (ABM) to capture the characteristics of the different system units accurately and dynamically, and particle swarm optimization (PSO) to find the most economical mix of network extension and integration of distributed generation over long periods of time. Using data from Ergon Energy, two types of networks (3 phase, and Single Wired Earth Return or SWER) have been modelled; three-phase networks are usually used in dense networks such as urban areas, while SWER networks are widely used in rural Queensland. Simulations can be performed on these networks to identify the required upgrades, following a three-step process: a) what is already in place and how it performs under current and future loads, b) what can be done to manage it and plan the future grid and c) how these upgrades/new installations will perform over time. The number of small-scale distributed generators, e.g. 
PV and battery, is now sufficient (and expected to increase) to impact the operation of the grid, which in turn needs to be considered by the distribution network manager when planning for upgrades and/or installations to stay within regulatory limits. Different scenarios can be simulated, with different levels of distributed generation, in-place as well as expected, so that a large number of options can be assessed (Step a). Once the location, sizing and timing of assets upgrade and/or installation are found using optimisation techniques (Step b), it is possible to assess the adequacy of their daily performance using agent-based modelling (Step c). One distinguishing feature of this software is that it is possible to analyse a whole area at once, while still having a tailored solution for each of the sub-areas. To illustrate this, using the impact that battery and PV can have on the two types of networks mentioned above, three design conditions can be identified (amongst others):
· Urban conditions
  o Feeders that have a low take-up of solar generators may benefit from adding solar panels
  o Feeders that need voltage support at specific times may be assisted by installing batteries
· Rural conditions - SWER network
  o Feeders that need voltage support as well as peak lopping may benefit from both battery and solar panel installations.
This small example demonstrates that no single solution can be applied across all three areas, and there is a need to be selective in which one is applied to each branch of the network. This is currently the function of the engineer who can define various scenarios against a configuration, test them and iterate towards an appropriate solution. Future work will focus on increasing the level of automation in identifying areas where particular solutions are applicable.
Abstract:
Social networking sites (SNSs), with their large numbers of users and large information base, seem to be perfect breeding grounds for exploiting the vulnerabilities of people, the weakest link in security. Deceiving, persuading, or influencing people to provide information or to perform an action that will benefit the attacker is known as “social engineering.” While technology-based security has been addressed by research and may be well understood, social engineering is more challenging to understand and manage, especially in new environments such as SNSs, owing to some factors of SNSs that reduce the ability of users to detect the attack and increase the ability of attackers to launch it. This work will contribute to the knowledge of social engineering by presenting the first two conceptual models of social engineering attacks in SNSs. Phase-based and source-based models are presented, along with an intensive and comprehensive overview of different aspects of social engineering threats in SNSs.
Abstract:
There is no doubt that social engineering plays a vital role in compromising most security defenses, and in attacks on people, organizations, companies, or even governments. It is the art of deceiving and tricking people to reveal critical information or to perform an action that benefits the attacker in some way. Fraudulent and deceptive people have been using social engineering traps and tactics using information technology such as e-mails, social networks, web sites, and applications to trick victims into obeying them, accepting threats, and falling victim to various crimes and attacks such as phishing, sexual abuse, financial abuse, identity theft, impersonation, physical crime, and many other forms of attack. Although organizations, researchers, practitioners, and lawyers recognize the severe risk of social engineering-based threats, there is a severe lack of understanding and controlling of such threats. One side of the problem is perhaps the unclear concept of social engineering as well as the complexity of understanding human behaviors in behaving toward, approaching, accepting, and failing to recognize threats or the deception behind them. The aim of this paper is to explain the definition of social engineering based on the related theories of the many related disciplines such as psychology, sociology, information technology, marketing, and behaviourism. We hope, by this work, to help researchers, practitioners, lawyers, and other decision makers to get a fuller picture of social engineering and, therefore, to open new directions of collaboration toward detecting and controlling it.
Abstract:
This article examines the notion and practice of Justice Reinvestment (‘JR’), an emerging approach addressing the high social and economic costs of soaring incarceration rates. JR invests in public safety by reallocating dollars from corrections budgets to finance education, housing, healthcare, and jobs in high-crime communities. Key distinguishing features of JR (including justice and asset mapping, budgetary devolution and localism, and the desirability of bipartisanship) are briefly outlined, followed by discussion of its recent emergence and application in the United States, and to a lesser extent in the United Kingdom. The prospects for the adoption of JR approaches in Australia are then considered, with particular reference to the high imprisonment rates of Indigenous people. If JR is to be promoted in the Australian context it is important that it be subject to critical scrutiny and therefore some of the key problems are briefly outlined, before a conclusion which emphasizes the potential benefits of JR.
Abstract:
Basal cell carcinoma (BCC) is a skin cancer of particular importance to the Australian community. Its rate of occurrence is highest in Queensland, where 1% to 2% of people are newly affected annually. This is an order of magnitude higher than corresponding incidence estimates in European and North American populations. Individuals with a sun-sensitive complexion are particularly susceptible because sun exposure is the single most important causative agent, as shown by the anatomic distribution of BCC which is in general consistent with the levels of sun exposure across body sites. A distinguishing feature of BCC is the occurrence of multiple primary tumours within individuals, synchronously or over time, and their diagnosis and treatment costs contribute substantially to the major public health burden caused by BCC. A primary knowledge gap about BCC pathogenesis however was an understanding of the true frequency of multiple BCC occurrences and their body distribution, and why a proportion of people do develop more than one BCC in their life. This research project sought to address this gap under an overarching research aim to better understand the detailed epidemiology of BCC with the ultimate goal of reducing the burden of this skin cancer through prevention. The particular aim was to document prospectively the rate of BCC occurrence and its associations with constitutional and environmental (solar) factors, all the while paying special attention to persons affected by more than one BCC. The study built on previous findings and recent developments in the field but set out to confirm and extend these and propose more adequate theories about the complex epidemiology of this cancer. Addressing these goals required a new approach to researching basal cell carcinoma, due to the need to account for the phenomenon of multiple incident BCCs per person. 
This was enabled by a 20 year community-based study of skin cancer in Australians that provided the methodological foundation for this thesis. Study participants were originally randomly selected in 1986 from the electoral register of all adult residents of the subtropical township of Nambour in Queensland, Australia. On various occasions during the study, participants were fully examined by dermatologists who documented cumulative photodamage as well as skin cancers. Participants completed standard questionnaires about skin cancer-related factors, and consented to have any diagnosed skin cancers notified to the investigators by regional pathology laboratories in Queensland. These methods allowed 100% ascertainment of histologically confirmed BCCs in this study population. 1339 participants had complete follow-up to the end of 2007. Statistical analyses in this thesis were carried out using SAS and SUDAAN statistical software packages. Modelling methods, including multivariate logistic regressions, allowed for repeated measures in terms of multiple BCCs per person. This innovative approach gave new findings on two levels, presented in five chapters as scientific papers:
1. Incidence of basal cell carcinoma multiplicity and detailed anatomic distribution: longitudinal study of an Australian population
   The incidence of people affected multiple times by BCC was 705 per 100,000 person years compared to an incidence rate of people singly affected of 935 per 100,000 person years. Among multiply and singly affected persons alike, site-specific BCC incidence rates were far highest on facial subsites, followed by upper limbs, trunk, and then lower limbs.
2. Melanocytic nevi and basal cell carcinoma: is there an association?
   BCC risk was significantly increased in those with forearm nevi (Odds Ratios (OR) 1.43, 95% Confidence Intervals (CI) 1.09-1.89) compared to people without forearm nevi, especially among those who spent their time mainly outdoors (OR 1.6, 95%CI 1.1-2.3) compared to those who spent their time mainly indoors. Nevi on the back were not associated with BCC.
3. Clinical signs of photodamage are associated with basal cell carcinoma multiplicity and site: a 16-year longitudinal study
   Over a 16-year follow-up period, 58% of people affected by BCC developed more than one BCC. Among these people 60% developed BCCs across different anatomic sites. Participants with high numbers of solar keratoses, compared to people without solar keratoses, were most likely to experience the highest BCC counts overall (OR 3.3, 95%CI 1.4-13.5). Occurrences of BCC on the trunk (OR 3.3, 95%CI 1.4-7.6) and on the limbs (OR 3.7, 95%CI 2.0-7.0) were strongly associated with high numbers of solar keratoses on these sites.
4. Occurrence and determinants of basal cell carcinoma by histological subtype in an Australian community
   Among 1202 BCCs, 77% had a single growth pattern and 23% were of mixed histological composition. Among all BCCs the nodular followed by the superficial growth patterns were commonest. Risk of nodular and superficial BCCs on the head was raised if 5 or more solar keratoses were present on the face (OR 1.8, 95%CI 1.2-2.7 and OR 4.5, 95%CI 2.1-9.7 respectively) and similarly on the trunk in the presence of multiple solar keratoses on the trunk (OR 4.2, 95%CI 1.5-11.9 and OR 2.2, 95%CI 1.1-4.4 respectively).
5. Basal cell carcinoma and measures of cumulative sun exposure: an Australian longitudinal community-based study
   Dermal elastosis was more likely to be seen adjacent to head and neck BCCs than trunk BCCs (p=0.01). Severity of dermal elastosis increased on each site with increasing clinical signs of cutaneous sun damage on that site. BCCs that occurred without perilesional elastosis per se, were always found in an anatomic region with signs of photodamage.
This thesis thus has identified the magnitude of the burden of multiple BCCs. It does not support the view that people affected by more than one BCC represent a distinct group of people who are prone to BCCs on certain body sites. The results also demonstrate that BCCs regardless of site, histology or order of occurrence are strongly associated with cumulative sun exposure causing photodamage to the skin, and hence challenge the view that BCCs occurring on body sites with typically low opportunities for sun exposure or of the superficial growth pattern are different in their association with the sun from those on typically sun-exposed sites, or nodular BCCs, respectively. Through dissemination in the scientific and medical literature, and to the community at large, these findings can ultimately assist in the primary and secondary prevention of BCC, perhaps especially in high-risk populations.
Abstract:
A predictive model of terrorist activity is developed by examining the daily number of terrorist attacks in Indonesia from 1994 through 2007. The dynamic model employs a shot noise process to explain the self-exciting nature of the terrorist activities. This estimates the probability of future attacks as a function of the times since the past attacks. In addition, the excess of nonattack days coupled with the presence of multiple coordinated attacks on the same day compelled the use of hurdle models to jointly model the probability of an attack day and corresponding number of attacks. A power law distribution with a shot noise driven parameter best modeled the number of attacks on an attack day. Interpretation of the model parameters is discussed and predictive performance of the models is evaluated.
Abstract:
Objective: This article explores patterns of terrorist activity over the period from 2000 through 2010 across three target countries: Indonesia, the Philippines and Thailand.
Methods: We use self-exciting point process models to create interpretable and replicable metrics for three key terrorism concepts: risk, resilience and volatility, as defined in the context of terrorist activity.
Results: Analysis of the data shows significant and important differences in the risk, volatility and resilience metrics over time across the three countries. For the three countries analysed, we show that risk varied on a scale from 0.005 to 1.61 “expected terrorist attacks per day”, volatility ranged from 0.820 to 0.994 “additional attacks caused by each attack”, and resilience, as measured by the number of days until risk subsides to a pre-attack level, ranged from 19 to 39 days. We find that of the three countries, Indonesia had the lowest average risk and volatility, and the highest level of resilience, indicative of the relatively sporadic nature of terrorist activity in Indonesia. The high terrorism risk and low resilience in the Philippines was a function of the more intense, less clustered pattern of terrorism than what was evident in Indonesia.
Conclusions: Mathematical models hold great promise for creating replicable, reliable and interpretable “metrics” to key terrorism concepts such as risk, resilience and volatility.
Abstract:
This study used automated data processing techniques to calculate a set of novel treatment plan accuracy metrics, and investigate their usefulness as predictors of quality assurance (QA) success and failure. 151 beams from 23 prostate and cranial IMRT treatment plans were used in this study. These plans had been evaluated before treatment using measurements with a diode array system. The TADA software suite was adapted to allow automatic batch calculation of several proposed plan accuracy metrics, including mean field area, small-aperture, off-axis and closed-leaf factors. All of these results were compared with the gamma pass rates from the QA measurements and correlations were investigated. The mean field area factor provided a threshold field size (5 cm², equivalent to a 2.2 × 2.2 cm² square field), below which all beams failed the QA tests. The small aperture score provided a useful predictor of plan failure, when averaged over all beams, despite being weakly correlated with gamma pass rates for individual beams. By contrast, the closed leaf and off-axis factors provided information about the geometric arrangement of the beam segments but were not useful for distinguishing between plans that passed and failed QA. This study has provided some simple tests for plan accuracy, which may help minimise time spent on QA assessments of treatments that are unlikely to pass.
Abstract:
We construct two efficient Identity-Based Encryption (IBE) systems that admit selective-identity security reductions without random oracles in groups equipped with a bilinear map. Selective-identity secure IBE is a slightly weaker security model than the standard security model for IBE. In this model the adversary must commit ahead of time to the identity that it intends to attack, whereas in an adaptive-identity attack the adversary is allowed to choose this identity adaptively. Our first system—BB1—is based on the well studied decisional bilinear Diffie–Hellman assumption, and extends naturally to systems with hierarchical identities, or HIBE. Our second system—BB2—is based on a stronger assumption which we call the Bilinear Diffie–Hellman Inversion assumption and provides another approach to building IBE systems. Our first system, BB1, is very versatile and well suited for practical applications: the basic hierarchical construction can be efficiently secured against chosen-ciphertext attacks, and further extended to support efficient non-interactive threshold decryption, among others, all without using random oracles. Both systems, BB1 and BB2, can be modified generically to provide “full” IBE security (i.e., against adaptive-identity attacks), either using random oracles, or in the standard model at the expense of a non-polynomial but easy-to-compensate security reduction.
Abstract:
We describe a short signature scheme that is strongly existentially unforgeable under an adaptive chosen message attack in the standard security model. Our construction works in groups equipped with an efficient bilinear map, or, more generally, an algorithm for the Decision Diffie-Hellman problem. The security of our scheme depends on a new intractability assumption we call Strong Diffie-Hellman (SDH), by analogy to the Strong RSA assumption with which it shares many properties. Signature generation in our system is fast and the resulting signatures are as short as DSA signatures for comparable security. We give a tight reduction proving that our scheme is secure in any group in which the SDH assumption holds, without relying on the random oracle model.
Abstract:
Multiple-time signatures are digital signature schemes where the signer is able to sign a predetermined number of messages. They are interesting cryptographic primitives because they allow many important cryptographic problems to be solved, and at the same time offer a substantial efficiency advantage over ordinary digital signature schemes like RSA. Multiple-time signature schemes have found numerous applications, in ordinary, on-line/off-line, forward-secure signatures, and multicast/stream authentication. We propose a multiple-time signature scheme with very efficient signing and verifying. Our construction is based on a combination of one-way functions and cover-free families, and it is secure against the adaptive chosen-message attack.
Abstract:
Recently, a convex hull-based human identification protocol was proposed by Sobrado and Birget, whose steps can be performed by humans without additional aid. The main part of the protocol involves the user mentally forming a convex hull of secret icons in a set of graphical icons and then clicking randomly within this convex hull. While some rudimentary security issues of this protocol have been discussed, a comprehensive security analysis has been lacking. In this paper, we analyze the security of this convex hull-based protocol. In particular, we show two probabilistic attacks that reveal the user’s secret after the observation of only a handful of authentication sessions. These attacks can be efficiently implemented as their time and space complexities are considerably less than those of a brute force attack. We show that while the first attack can be mitigated through appropriately chosen values of system parameters, the second attack succeeds with a non-negligible probability even with large system parameter values that cross the threshold of usability.
Abstract:
We study the natural problem of secure n-party computation (in the computationally unbounded attack model) of circuits over an arbitrary finite non-Abelian group (G,⋅), which we call G-circuits. Besides its intrinsic interest, this problem is also motivated by a completeness result of Barrington, stating that such protocols can be applied for general secure computation of arbitrary functions. For flexibility, we are interested in protocols which only require black-box access to the group G (i.e. the only computations performed by players in the protocol are a group operation, a group inverse, or sampling a uniformly random group element). Our investigations focus on the passive adversarial model, where up to t of the n participating parties are corrupted.
Abstract:
We show that the LASH-x hash function is vulnerable to attacks that trade time for memory, including collision attacks as fast as $2^{4x/11}$ and preimage attacks as fast as $2^{4x/7}$. Moreover, we briefly mention heuristic lattice based collision attacks that use small memory but require very long messages that are expected to find collisions much faster than $2^{x/2}$. All of these attacks exploit the designers’ choice of an all zero IV. We then consider whether LASH can be patched simply by changing the IV. In this case, we show that LASH is vulnerable to a $2^{7x/8}$ preimage attack. We also show that LASH is trivially not a PRF when any subset of input bytes is used as a secret key. None of our attacks depend upon the particular contents of the LASH matrix – we only assume that the distribution of elements is more or less uniform.