Modeling key compromise impersonation attacks on group key exchange protocols

A key exchange protocol allows a set of parties to agree upon a secret session key over a public network. Two-party key exchange (2PKE) protocols have been rigorously analyzed under various models considering different adversarial actions. However, the analysis of group key exchange (GKE) protocols has not been as extensive as that of 2PKE protocols. Particularly, the security attribute of key compromise impersonation (KCI) resilience has so far been ignored for the case of GKE protocols. We first model the security of GKE protocols addressing KCI attacks by both outsider and insider adversaries. We then show that a few existing protocols are not secure even against outsider KCI attacks. The attacks on these protocols demonstrate the necessity of considering KCI resilience for GKE protocols. Finally, we give a new proof of security for an existing GKE protocol under the revised model assuming random oracles.

A sustainable model for supporting entrepreneurship in developing countries

Principal Topic Small and micro-enterprises are believed to play a significant part in economic growth and poverty allevition in developing countries. However, there are a range of issues that arise when looking at the support required for local enterprise development, the role of micro finance and sustainability. This paper explores the issues associated with the establishment and resourcing of micro-enterprise develoment and proposes a model of sustainable support of enterprise development in very poor developing economies, particularly in Africa. The purpose of this paper is to identify and address the range of issues raised by the literature and empirical research in Africa, regarding micro-finance and small business support, and to develop a model for sustainable support for enterprise development within a particular cultural and economic context. Micro-finance has become big business with a range of models - from those that operate on a strictly business basis to those that come from a philanthropic base. The models used grow from a range of philosophical and cultural perspectives. Entrepreneurship training is provided around the world. Success is often measured by the number involved and the repayment rates - which are very high, largely because of the lending models used. This paper will explore the range of options available and propose a model that can be implemented and evaluated in rapidly changing developing economies. Methodology/Key Propositions The research draws on entrepreneurial and micro-finance literature and empirical research undertaken in Mozambique, which lies along the Indian ocean sea border of Southern Africa. As a result of war and natural disasters over a prolonged period, there is little industry, primary industries are primitive and there is virtually no infrastructure. Mozambique is ranked as one of the poorest countries in the world. The conditions in Mozambique, though not identical, reflect conditions in many other parts of Africa. A numebr of key elements in the development of enterprises in poor countries are explored including: Impact of micro-finance Sustainable models of micro-finance Education and training Capacity building Support mechanisms Impact on poverty, families and the local economy Survival entrepreneurship versus growth entrepreneurship Transitions to the formal sector. Results and Implications The result of this study is the development of a model for providing intellectual and financial resources to micro-entrepreneurs in poor developing countries in a sustainable way. The model provides a base for ongoing research into the process of entrepreneurial growth in African developing economies. The research raises a numeber of issues regarding sustainability including the nature of the donor/recipient relationship, access to affordable resources, the impact of individual entrepreneurial activity on the local economny and the need for ongoing research to understand the whole process and its impact, intended and unintended.

Value creation and value capture fro open source software publisher : a new business model based on mutualisation

Key topics: Since the birth of the Open Source movement in the mid-80's, open source software has become more and more widespread. Amongst others, the Linux operating system, the Apache web server and the Firefox internet explorer have taken substantial market shares to their proprietary competitors. Open source software is governed by particular types of licenses. As proprietary licenses only allow the software's use in exchange for a fee, open source licenses grant users more rights like the free use, free copy, free modification and free distribution of the software, as well as free access to the source code. This new phenomenon has raised many managerial questions: organizational issues related to the system of governance that underlie such open source communities (Raymond, 1999a; Lerner and Tirole, 2002; Lee and Cole 2003; Mockus et al. 2000; Tuomi, 2000; Demil and Lecocq, 2006; O'Mahony and Ferraro, 2007;Fleming and Waguespack, 2007), collaborative innovation issues (Von Hippel, 2003; Von Krogh et al., 2003; Von Hippel and Von Krogh, 2003; Dahlander, 2005; Osterloh, 2007; David, 2008), issues related to the nature as well as the motivations of developers (Lerner and Tirole, 2002; Hertel, 2003; Dahlander and McKelvey, 2005; Jeppesen and Frederiksen, 2006), public policy and innovation issues (Jullien and Zimmermann, 2005; Lee, 2006), technological competitions issues related to standard battles between proprietary and open source software (Bonaccorsi and Rossi, 2003; Bonaccorsi et al. 2004, Economides and Katsamakas, 2005; Chen, 2007), intellectual property rights and licensing issues (Laat 2005; Lerner and Tirole, 2005; Gambardella, 2006; Determann et al., 2007). A major unresolved issue concerns open source business models and revenue capture, given that open source licenses imply no fee for users. On this topic, articles show that a commercial activity based on open source software is possible, as they describe different possible ways of doing business around open source (Raymond, 1999; Dahlander, 2004; Daffara, 2007; Bonaccorsi and Merito, 2007). These studies usually look at open source-based companies. Open source-based companies encompass a wide range of firms with different categories of activities: providers of packaged open source solutions, IT Services&Software Engineering firms and open source software publishers. However, business models implications are different for each of these categories: providers of packaged solutions and IT Services&Software Engineering firms' activities are based on software developed outside their boundaries, whereas commercial software publishers sponsor the development of the open source software. This paper focuses on open source software publishers' business models as this issue is even more crucial for this category of firms which take the risk of investing in the development of the software. Literature at last identifies and depicts only two generic types of business models for open source software publishers: the business models of ''bundling'' (Pal and Madanmohan, 2002; Dahlander 2004) and the dual licensing business models (Välimäki, 2003; Comino and Manenti, 2007). Nevertheless, these business models are not applicable in all circumstances. Methodology: The objectives of this paper are: (1) to explore in which contexts the two generic business models described in literature can be implemented successfully and (2) to depict an additional business model for open source software publishers which can be used in a different context. To do so, this paper draws upon an explorative case study of IdealX, a French open source security software publisher. This case study consists in a series of 3 interviews conducted between February 2005 and April 2006 with the co-founder and the business manager. It aims at depicting the process of IdealX's search for the appropriate business model between its creation in 2000 and 2006. This software publisher has tried both generic types of open source software publishers' business models before designing its own. Consequently, through IdealX's trials and errors, I investigate the conditions under which such generic business models can be effective. Moreover, this study describes the business model finally designed and adopted by IdealX: an additional open source software publisher's business model based on the principle of ''mutualisation'', which is applicable in a different context. Results and implications: Finally, this article contributes to ongoing empirical work within entrepreneurship and strategic management on open source software publishers' business models: it provides the characteristics of three generic business models (the business model of bundling, the dual licensing business model and the business model of mutualisation) as well as conditions under which they can be successfully implemented (regarding the type of product developed and the competencies of the firm). This paper also goes further into the traditional concept of business model used by scholars in the open source related literature. In this article, a business model is not only considered as a way of generating incomes (''revenue model'' (Amit and Zott, 2001)), but rather as the necessary conjunction of value creation and value capture, according to the recent literature about business models (Amit and Zott, 2001; Chresbrough and Rosenblum, 2002; Teece, 2007). Consequently, this paper analyses the business models from these two components' point of view.

What’s in a handshake? Exploring business-to-business relational exchange

Despite its importance in the development of competitive advantage, attempts to unify diverse classifications of business-to-business relational exchange have been largely unsuccessful. We used 18 semi-structured, in-depth interviews with managers from a wide range of industries to explain the business-to-business relational exchange construct. Analysis of the data revealed that business-to-business relational exchange comprises five key dimensions. These are communication, compatibility, commitment, trust and power symmetry. The research highlights the importance of personal interaction in business relationships and provided additional insights into the importance of affective commitment. In addition we reveal a number of negative consequences of affective commitment, which have been previously unexplored. A new conceptual model of business-to-business relational exchange is presented, which synthesises these findings and directs future research.

Multi-factor password-authenticated key exchange

We consider a new form of authenticated key exchange which we call multi-factor password-authenticated key exchange, where session establishment depends on successful authentication of multiple short secrets that are complementary in nature, such as a long-term password and a one-time response, allowing the client and server to be mutually assured of each other's identity without directly disclosing private information to the other party. Multi-factor authentication can provide an enhanced level of assurance in higher-security scenarios such as online banking, virtual private network access, and physical access because a multi-factor protocol is designed to remain secure even if all but one of the factors has been compromised. We introduce a security model for multi-factor password-authenticated key exchange protocols, propose an efficient and secure protocol called MFPAK, and provide a security argument to show that our protocol is secure in this model. Our security model is an extension of the Bellare-Pointcheval-Rogaway security model for password-authenticated key exchange and accommodates an arbitrary number of symmetric and asymmetric authentication factors.

One-time-password-authenticated key exchange

To reduce the damage of phishing and spyware attacks, banks, governments, and other security-sensitive industries are deploying one-time password systems, where users have many passwords and use each password only once. If a single password is compromised, it can be only be used to impersonate the user once, limiting the damage caused. However, existing practical approaches to one-time passwords have been susceptible to sophisticated phishing attacks. ---------- We give a formal security treatment of this important practical problem. We consider the use of one-time passwords in the context of password-authenticated key exchange (PAKE), which allows for mutual authentication, session key agreement, and resistance to phishing attacks. We describe a security model for the use of one-time passwords, explicitly considering the compromise of past (and future) one-time passwords, and show a general technique for building a secure one-time-PAKE protocol from any secure PAKE protocol. Our techniques also allow for the secure use of pseudorandomly generated and time-dependent passwords.

Predicate-based key exchange

We provide the first description of and security model for authenticated key exchange protocols with predicate-based authentication. In addition to the standard goal of session key security, our security model also provides for credential privacy: a participating party learns nothing more about the other party's credentials than whether they satisfy the given predicate. Our model also encompasses attribute-based key exchange since it is a special case of predicate-based key exchange.---------- We demonstrate how to realize a secure predicate-based key exchange protocol by combining any secure predicate-based signature scheme with the basic Diffie-Hellman key exchange protocol, providing an efficient and simple solution.

Design and analysis of group key exchange protocols

A group key exchange (GKE) protocol allows a set of parties to agree upon a common secret session key over a public network. In this thesis, we focus on designing efficient GKE protocols using public key techniques and appropriately revising security models for GKE protocols. For the purpose of modelling and analysing the security of GKE protocols we apply the widely accepted computational complexity approach. The contributions of the thesis to the area of GKE protocols are manifold. We propose the first GKE protocol that requires only one round of communication and is proven secure in the standard model. Our protocol is generically constructed from a key encapsulation mechanism (KEM). We also suggest an efficient KEM from the literature, which satisfies the underlying security notion, to instantiate the generic protocol. We then concentrate on enhancing the security of one-round GKE protocols. A new model of security for forward secure GKE protocols is introduced and a generic one-round GKE protocol with forward security is then presented. The security of this protocol is also proven in the standard model. We also propose an efficient forward secure encryption scheme that can be used to instantiate the generic GKE protocol. Our next contributions are to the security models of GKE protocols. We observe that the analysis of GKE protocols has not been as extensive as that of two-party key exchange protocols. Particularly, the security attribute of key compromise impersonation (KCI) resilience has so far been ignored for GKE protocols. We model the security of GKE protocols addressing KCI attacks by both outsider and insider adversaries. We then show that a few existing protocols are not secure against KCI attacks. A new proof of security for an existing GKE protocol is given under the revised model assuming random oracles. Subsequently, we treat the security of GKE protocols in the universal composability (UC) framework. We present a new UC ideal functionality for GKE protocols capturing the security attribute of contributiveness. An existing protocol with minor revisions is then shown to realize our functionality in the random oracle model. Finally, we explore the possibility of constructing GKE protocols in the attribute-based setting. We introduce the concept of attribute-based group key exchange (AB-GKE). A security model for AB-GKE and a one-round AB-GKE protocol satisfying our security notion are presented. The protocol is generically constructed from a new cryptographic primitive called encapsulation policy attribute-based KEM (EP-AB-KEM), which we introduce in this thesis. We also present a new EP-AB-KEM with a proof of security assuming generic groups and random oracles. The EP-AB-KEM can be used to instantiate our generic AB-GKE protocol.

Diffusion tensor of water in model articular cartilage

We used Monte Carlo simulations of Brownian dynamics of water to study anisotropic water diffusion in an idealised model of articular cartilage. The main aim was to use the simulations as a tool for translation of the fractional anisotropy of the water diffusion tensor in cartilage into quantitative characteristics of its collagen fibre network. The key finding was a linear empirical relationship between the collagen volume fraction and the fractional anisotropy of the diffusion tensor. Fractional anisotropy of the diffusion tensor is potentially a robust indicator of the microstructure of the tissue because, in the first approximation, it is invariant to the inclusion of proteoglycans or chemical exchange between free and collagen-bound water in the model. We discuss potential applications of Monte Carlo diffusion-tensor simulations for quantitative biophysical interpretation of MRI diffusion-tensor images of cartilage. Extension of the model to include collagen fibre disorder is also discussed.

Model interoperability in building information modelling

The exchange of design models in the design and construction industry is evolving away from 2-dimensional computer-aided design (CAD) and paper towards semantically-rich 3-dimensional digital models. This approach, known as Building Information Modelling (BIM), is anticipated to become the primary means of information exchange between the various parties involved in construction projects. From a technical perspective, the domain represents an interesting study in model-based interoperability, since the models are large and complex, and the industry is one in which collaboration is a vital part of business. In this paper, we present our experiences with issues of model-based interoperability in exchanging building information models between various tools, and in implementing tools which consume BIM models, particularly using the industry standard IFC data modelling format. We report on the successes and challenges in these endeavours, as the industry endeavours to move further towards fully digitised information exchange.

Automating computational proofs for public-key-based key exchange

We present an approach to automating computationally sound proofs of key exchange protocols based on public-key encryption. We show that satisfying the property called occultness in the Dolev-Yao model guarantees the security of a related key exchange protocol in a simple computational model. Security in this simpler model has been shown to imply security in a Bellare {Rogaway-like model. Furthermore, the occultness in the Dolev-Yao model can be searched automatically by a mechanisable procedure. Thus automated proofs for key exchange protocols in the computational model can be achieved. We illustrate the method using the well-known Lowe-Needham-Schroeder protocol.

Encryption schemes and key exchange protocols in the certificateless setting

The contributions of this thesis fall into three areas of certificateless cryptography. The first area is encryption, where we propose new constructions for both identity-based and certificateless cryptography. We construct an n-out-of- n group encryption scheme for identity-based cryptography that does not require any special means to generate the keys of the trusted authorities that are participating. We also introduce a new security definition for chosen ciphertext secure multi-key encryption. We prove that our construction is secure as long as at least one authority is uncompromised, and show that the existing constructions for chosen ciphertext security from identity-based encryption also hold in the group encryption case. We then consider certificateless encryption as the special case of 2-out-of-2 group encryption and give constructions for highly efficient certificateless schemes in the standard model. Among these is the first construction of a lattice-based certificateless encryption scheme. Our next contribution is a highly efficient certificateless key encapsulation mechanism (KEM), that we prove secure in the standard model. We introduce a new way of proving the security of certificateless schemes based that are based on identity-based schemes. We leave the identity-based part of the proof intact, and just extend it to cover the part that is introduced by the certificateless scheme. We show that our construction is more efficient than any instanciation of generic constructions for certificateless key encapsulation in the standard model. The third area where the thesis contributes to the advancement of certificateless cryptography is key agreement. Swanson showed that many certificateless key agreement schemes are insecure if considered in a reasonable security model. We propose the first provably secure certificateless key agreement schemes in the strongest model for certificateless key agreement. We extend Swanson's definition for certificateless key agreement and give more power to the adversary. Our new schemes are secure as long as each party has at least one uncompromised secret. Our first construction is in the random oracle model and gives the adversary slightly more capabilities than our second construction in the standard model. Interestingly, our standard model construction is as efficient as the random oracle model construction.

The development and evaluation of a culturally affirmative counselling model for deaf clients in Australia

In Australia, there is only one, newly established, dedicated mental health service catering specifically for the signing *Deaf community. It is staffed by four part-time hearing professionals and based in Brisbane. There are currently no Deaf psychologists or psychiatrists and there is no valid or reliable empirical evidence on outcomes for Deaf people accessing specialised or mainstream mental health services. Further compounding these issues, is the fact that there are no sign language versions of the most common standardised mental health or psychological instruments available to clinicians in Australia. Contemporary counselling literature is acknowledging the role of the therapeutic alliance and the impact of 'common factors' on therapeutic outcomes. However, these issues are complicated by the relationship between the Deaf client and the hearing therapist being a cross-cultural exchange. The disability model of deafness is contentious and few professionals in Australia have the requisite knowledge and understanding of deafness from a cultural perspective to attend to the therapeutic relationship with this in mind. Consequently, Deaf people are severely disadvantaged by the current lack of services, resources and skilled professionals in the field of deafness and psychology in this country. The primary aim of the following program of research has been to propose a model for culturally affirmative service delivery and to provide clinicians with tools to evaluate the effect of their therapeutic work with Deaf people seeking mental health treatment. The research document is presented as a thesis by publication and comprises four specific objectives formulated in response to the lack of existing services and resources. The first objective was to explore the use of social constructionist counselling techniques and a reflecting team with Deaf clients, hearing therapists and an interpreter. Following the establishment of a pilot counselling clinic, indepth semi-structured interviews were conducted with two long-term clients following the one year pilot of this service. These interviews generated recommendations for the development of a new 'enriched' model of counselling to be implemented and evaluated in later stages of the research program. The second objective was to identify appropriate psychometric measures that could be translated into Australian Sign Language (Auslan) for research into efficacy, effectiveness and counselling outcomes. Two instruments were identified as potentially suitable; the Outcome Rating Scale (ORS), a measure of global functioning, and the Session Rating Scale (SRS), a measure of therapeutic alliance. A specialised team of bi-lingual and bi-cultural interpreters, native signers and the primary researcher for this thesis, produced the ORS-Auslan and the SRS-Auslan in DVD format, using the translation and back-translation process. The third objective was to establish the validity and reliability of these new Auslan measures based on normative data from the Deaf community. Data from the ORS-Auslan was collected from one clinical and one non-clinical sample of Deaf people. Statistical analyses revealed that the ORS-Auslan is reliable, valid and adequately distinguishes between clinical and non-clinical presentations. Furthermore, construct validity has been established using a yet to be validated sign language version of the Depression, Anxiety and Stress Scale-21 items (DASS-21), providing a platform for further research using the DASS-21 with Deaf people. The fourth objective was to evaluate counselling outcomes following the implementation of an enriched counselling service, based on the findings generated by the first objective, and using the newly translated Auslan measures. A second university counselling clinic was established and implemented over the course of one year. Practice-based evidence guided the research and the ORS-Auslan and the SRS-Auslan were administered at every session and provided outcome data on Deaf clients' global functioning. Data from six clients over the course of ten months indicated that this culturally affirmative model was an effective approach for these six clients. This is the first time that outcome data have been collected in Australia using valid and reliable Auslan measures to establish preliminary evidence for the effectiveness of any therapeutic intervention for clinical work with adult, signing Deaf clients. The research generated by this thesis contributes theoretical knowledge, professional development and practical resources that can be used by a variety of mental health clinicians in the context of mental health service delivery to Deaf clients in Australia.

Towards a provably secure DoS-Resilient key exchange protocol with perfect forward secrecy

Just Fast Keying (JFK) is a simple, efficient and secure key exchange protocol proposed by Aiello et al. (ACM TISSEC, 2004). JFK is well known for its novel design features, notably its resistance to denial-of-service (DoS) attacks. Using Meadows’ cost-based framework, we identify a new DoS vulnerability in JFK. The JFK protocol is claimed secure in the Canetti-Krawczyk model under the Decisional Diffie-Hellman (DDH) assumption. We show that security of the JFK protocol, when reusing ephemeral Diffie-Hellman keys, appears to require the Gap Diffie-Hellman (GDH) assumption in the random oracle model. We propose a new variant of JFK that avoids the identified DoS vulnerability and provides perfect forward secrecy even under the DDH assumption, achieving the full security promised by the JFK protocol.

Anonymity and one-way authentication in key exchange protocols

Key establishment is a crucial cryptographic primitive for building secure communication channels between two parties in a network. It has been studied extensively in theory and widely deployed in practice. In the research literature a typical protocol in the public-key setting aims for key secrecy and mutual authentication. However, there are many important practical scenarios where mutual authentication is undesirable, such as in anonymity networks like Tor, or is difficult to achieve due to insufficient public-key infrastructure at the user level, as is the case on the Internet today. In this work we are concerned with the scenario where two parties establish a private shared session key, but only one party authenticates to the other; in fact, the unauthenticated party may wish to have strong anonymity guarantees. We present a desirable set of security, authentication, and anonymity goals for this setting and develop a model which captures these properties. Our approach allows for clients to choose among different levels of authentication. We also describe an attack on a previous protocol of Øverlier and Syverson, and present a new, efficient key exchange protocol that provides one-way authentication and anonymity.