Formalising human recognition : a fundamental building block for security proofs

A fundamental part of many authentication protocols which authenticate a party to a human involves the human recognizing or otherwise processing a message received from the party. Examples include typical implementations of Verified by Visa in which a message, previously stored by the human at a bank, is sent by the bank to the human to authenticate the bank to the human; or the expectation that humans will recognize or verify an extended validation certificate in a HTTPS context. This paper presents general definitions and building blocks for the modelling and analysis of human recognition in authentication protocols, allowing the creation of proofs for protocols which include humans. We cover both generalized trawling and human-specific targeted attacks. As examples of the range of uses of our construction, we use the model presented in this paper to prove the security of a mutual authentication login protocol and a human-assisted device pairing protocol.

Risky business : mapping ethical landscapes and negotiating governance tensions when researching female offending

Whilst there is an excellent and growing body of literature around female criminality underpinned by feminist methodologies, the nitty gritty of the methodological journey is nowhere as well detailed as it is in the context of the Higher Degree Research (HDR) thesis. Thus the purpose of this paper is threefold: i) to explore a range of feminist methodologies underpinning 20 Australian HDR theses focussing on female criminality; ii) to identify and map the governance/ethics tensions experienced by these researchers whilst undertaking high risk research in the area of female offending; and iii) to document strategies drawn from negotiations, resolutions and outcomes to a range of gate-keeping issues. By exploring the strategies used by these researchers, this paper aims to: promote discussion on feminist methodologies; highlight pathways that may be created when negotiating the challenging process of accessing data pertinent to this relatively understudied area; contribute to a community of practice; and provide useful insights into what Mason & Stubbs (2010:16) refer to as “the open and honest reflexivity through the research process by describing the assumptions, and hiccups” for future researchers navigating governance landscapes.

Security analysis of linearly filtered NLFSRs

Non-linear feedback shift register (NLFSR) ciphers are cryptographic tools of choice of the industry especially for mobile communication. Their attractive feature is a high efficiency when implemented in hardware or software. However, the main problem of NLFSR ciphers is that their security is still not well investigated. The paper makes a progress in the study of the security of NLFSR ciphers. In particular, we show a distinguishing attack on linearly filtered NLFSR (or LF-NLFSR) ciphers. We extend the attack to a linear combination of LF-NLFSRs. We investigate the security of a modified version of the Grain stream cipher and show its vulnerability to both key recovery and distinguishing attacks.

Citizenship, community, public space and the marginalisation of children and young people

Throughout Australia (and in comparable urban contexts around the world) public spaces may be said to be under attack by developers and also attempts by civic authorities to regulate, restrict, rebrand and reframe them. A consequence of the increasingly security driven, privatised and surveilled nature of public space is the exclusion and displacement of those considered flawed and unwelcome in the ‘spectacular’ consumption spaces of many major urban centres. In the name of urban regeneration, processes of securitisation, ‘gentrification’ and creative cities discourses can refashion public space as sites of selective inclusion and exclusion. In this context of monitoring and control procedures, children and young people’s use of space in parks, neighbourhoods, shopping malls and streets is often viewed as a threat to the social order, requiring various forms of punitive and/or remedial action. This paper discusses developments in the surveillance, governance and control of public space used by children and young people in particular and the capacity for their displacement and marginality, diminishing their sense of place and belonging, and right to public space as an expression of their civil, political and social citizenship(s).

Corporate ownership, corporate governance reform and timeliness of earnings : Malaysian evidence

This paper provides the first evidence showing that ownership concentration and the identity of the largest shareholder matter to the timeliness of corporate earnings, measured by a stock price-based timeliness metric and the reporting lag. Using panel data of 1276 Malaysian firms from 1996 to 2009, we find a non-linear relationship between concentrated ownership, measured by the largest shareholding in a firm, and the reporting lag but not the timeliness of price discovery. Although firms with government as the largest shareholder and political connections have a significantly shorter reporting lag, only the former are timelier in price discovery. Firms with family and foreigners as the largest shareholder however are less timely in price discovery. While the reporting lag is shorter in the period after the integration of the Malaysian Code of Corporate Governance (MCCG) into Bursa listing rules, its impact on the timeliness of price discovery is mostly immaterial.

Computer security incidents against Australian businesses : predictors of victimisation

Drawing on data from the Australian Business Assessment of Computer User Security (ABACUS) survey, this paper examines a range of factors that may influence businesses’ likelihood of being victimised by a computer security incident. It has been suggested that factors including business size, industry sector, level of outsourcing, expenditure on computer security functions and types of computer security tools and/or policies used may influence the probability of particular businesses experiencing such incidents. This paper uses probability modelling to test whether this is the case for the 4,000 businesses that responded to the ABACUS survey. It was found that the industry sector that a business belonged to, and business expenditure on computer security, were not related to businesses’ likelihood of detecting computer security incidents. Instead, the number of employees that a business has and whether computer security functions were outsourced were found to be key indicators of businesses’ likelihood of detecting incidents. Some of the implications of these findings are considered in this paper.

Co-production of actions and activities at airport security screening

In this paper we will examine passenger actions and activities at the security screening points of Australian domestic and international airports. Our findings and analysis provide a more complete understanding of the current airport passenger security screening experience. Data in this paper is comprised of field studies conducted at two Australian airports, one domestic and one international. Video data was collected by cameras situated either side of the security screening point. A total of one hundred and ninety-six passengers were observed. Two methods of analysis are used. First, the activities of passengers are coded and analysed to reveal the common activities at domestic and international security regimes and between quiet and busy periods. Second, observation of passenger activities is used to reveal uncommon aspects. The results show that passengers do more at security screening that being passively scanned. Passengers queue, unpack the required items from their bags and from their pockets, walk through the metal-detector, re-pack and occasionally return to be re-screened. For each of these activities, passengers must understand the procedures at the security screening point and must co-ordinate various actions and objects in time and space. Through this coordination passengers are active participants in making the security checkpoint function – they are co-producers of the security screening process.

The power of hands-on exercises in SCADA cyber security education

For decades Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems (ICS) have used computers to monitor and control physical processes in many critical industries, including electricity generation, gas pipelines, water distribution, waste treatment, communications and transportation. Increasingly these systems are interconnected with corporate networks via the Internet, making them vulnerable and exposed to the same risks as those experiencing cyber-attacks on a conventional network. Very often SCADA networks services are viewed as a specialty subject, more relevant to engineers than standard IT personnel. Educators from two Australian universities have recognised these cultural issues and highlighted the gap between specialists with SCADA systems engineering skills and the specialists in network security with IT background. This paper describes a learning approach designed to help students to bridge this gap, gain theoretical knowledge of SCADA systems' vulnerabilities to cyber-attacks via experiential learning and acquire practical skills through actively participating in hands-on exercises.

Suicide and the therapeutic coroner : inquests, governance and the grieving family

This study of English Coronial practice raises a number of questions about the role played by the Coroner within contemporary governance. Following observations at over 20 inquests into possible suicides and in-depth interviews with six Coroners, three preliminary issue emerged, all of which pointed to a broader and, in many ways, more significant issue. These preliminary issues are concerned with: (1) the existence of considerable slippages between different Coroners over which deaths are likely to be classified as suicide; (2) the high standard of proof required and immense pressure faced by Coroners from family members at inquest to reach any verdict other than suicide, which significantly depresses likely suicide rates, and; (3) Coroners feeling no professional obligation, either individually or collectively, to contribute to the production of consistent and useful social data regarding suicide, arguably rendering comparative suicide statistics relatively worthless. These concerns lead, ultimately, to the second more important question about the role expected of Coroners within social governance and within an effective, contemporary democracy. That is, are Coroners the principal officers in the public administration of death; or are they, first and foremost, a crucial part of the grieving process, one that provides important therapeutic interventions into the mental and emotional health of the community?

Can water security be achieved in the urban environment through the implementation of the Neo Institutional theory government regulation and legislation?

The research seeks to address the current global water crisis and the built environments effect on the increasing demand for sustainability and water security. The fundamental question in determining the correct approach for water security in the built environment is whether government regulation and legislation could provide the framework for sustainable development and the conscious shift providing that change is the only perceivable option, there is no alternative. This article will attempt to analyse the value of the neo institutional theory as a method for directing individuals and companies to conform to water saving techniques. As is highlighted throughout the article, it will be investigated whether an incentive verse punishment approach to government legislations and regulations would provide the framework required to ensure water security within the built environment. Individuals and companies make certain choices or perform certain actions not because they fear punishment or attempt to conform; neither do they do so because an action is appropriate or feels some sort of social obligation. Instead, the cognitive element of neo institutionalism suggests that individuals make certain choices because they can conceive no alternative. The research seeks to identify whether sustainability and water security can become integrated into all aspects of design and architecture through the perception that 'there is no alternative.' This report seeks to address the omission of water security in the built environment by reporting on a series of investigations, interviews, literature reviews, exemplars and statistics relating to the built environment and the potential for increased water security. The results and analysis support the conclusions that through the support of government and local council, sustainability in the built environment could be achieved and become common practice for developments. Highlighted is the approach required for water management systems integration into the built environment and how these can be developed and maintained effectively between cities, states, countries and cultures.

Public Space and the Marginalisation of Children and Young People

Throughout much of the world, urban and rural public spaces may be said to be under attack by property developers, commercial interests and also attempts by civic authorities to regulate, restrict, reframe and rebrand these spaces. A consequence of the increasingly security driven, privatised, commercial and surveilled nature of public space is the exclusion and displacement of those considered ‘flawed’ and unwelcome in the ‘spectacular’ consumption spaces of many major urban centres. In the name of urban regeneration, processes of securitisation, ‘gentrification’ and creative cities initiatives can act to refashion public space as sites of selective inclusion and exclusion. The use of surveillance and other control technologies as deployed in and around the UK ‘Riots’ of 2011 may help to promote and encourage a passing sense of personal safety and confidence in using public space. Through systems of social sorting, the same surveillance assemblages can also further the physical, emotional and psychological exclusion of certain groups and individuals, deemed to be both ‘out of time and out of place’ in major zones of urban, conspicuous, consumption. In this harsh environment of monitoring and control procedures, children and young people’s use of public spaces and places in parks, neighbourhoods, shopping malls and streets is often viewed as a threat to social order, requiring various forms of punitive and/or remedial action. Much of this civic action actively excludes some children and young people from participation and as a consequence, their trust in local processes and communities is eroded. This paper discusses worldwide developments in the surveillance, governance and control of the public space environments used by children and young people in particular and the capacity for their displacement and marginality, diminishing their sense of belonging, wellbeing and rights to public space as an expression of their social, political and civil citizenship(s).

Validation of an instrument to measure governance and performance on collaborative infrastructure projects

Collaborative infrastructure projects use hybrid formal and informal governance structures to manage transactions. Based on previous desk-top research, the authors identified the key mechanisms underlying project governance, and posited the performance implications of the governance (Chen et al. 2012). The current paper extends that qualitative research by testing the veracity of those findings using data from 320 Australian construction organisations. The results provide, for the first time, reliable and valid scales to measure governance and performance of collaborative projects, and the relationship between them. The results confirm seven of seven hypothesised governance mechanisms; 30 of 43 hypothesised underlying actions; eight of eight hypothesised key performance indicators; and the dual importance of formal and informal governance. A startling finding of the study was that the implementation intensity of informal mechanisms (non-contractual conditions) is a greater predictor of project performance variance than that of formal mechanisms (contractual conditions). Further, contractual conditions do not directly impact project performance; instead their impact is mediated by the non-contractual features of a project. Obligations established under the contract are not sufficient to optimise project performance.

Governance challenges in the global games industry

Current governance challenges facing the global games industry are heavily dominated by online games. Whilst much academic and industry attention has been afforded to Virtual Worlds, the more pressing contemporary challenges may arise in casual games, especially when found on social networks. As authorities are faced with an increasing volume of disputes between participants and platform operators, the likelihood of external regulation increases, and the role that such regulation would have on the industry – both internationally and within specific regions – is unclear. Kelly (2010) argues that “when you strip away the graphics of these [social] games, what you are left with is simply a button [...] You push it and then the game returns a value of either Win or Lose”. He notes that while “every game developer wants their game to be played, preferably addictively, because it’s so awesome”, these mechanics lead not to “addiction of engagement through awesomeness” but “the addiction of compulsiveness”, surmising that “the reality is that they’ve actually sort-of kind-of half-intentionally built a virtual slot machine industry”. If such core elements of social game design are questioned, this gives cause to question the real-money options to circumvent them. With players able to purchase virtual currency and speed the completion of tasks, the money invested by the 20% purchasing in-game benefits (Zainwinger, 2012) may well be the result of compulsion. The decision by the Japanese Consumer Affairs agency to investigate the ‘Kompu Gacha’ mechanic (in which players are rewarded for completing a set of items obtained through purchasing virtual goods such as mystery boxes), and the resultant verdict that such mechanics should be regulated through gambling legislation, demonstrates that politicians are beginning to look at the mechanics deployed in these environments. Purewal (2012) states that “there’s a reasonable argument that complete gacha would be regulated under gambling law under at least some (if not most) Western jurisdictions”. This paper explores the governance challenged within these games and platforms, their role in the global industry, and current practice amongst developers in the Australian and United States to address such challenges.