391 resultados para privacy-preserving
Resumo:
A new era of cyber warfare has appeared on the horizon with the discovery and detection of Stuxnet. Allegedly planned, designed, and created by the United States and Israel, Stuxnet is considered the first known cyber weapon to attack an adversary state. Stuxnet's discovery put a lot of attention on the outdated and obsolete security of critical infrastructure. It became very apparent that electronic devices that are used to control and operate critical infrastructure like programmable logic controllers (PLCs) or supervisory control and data acquisition (SCADA) systems lack very basic security and protection measures. Part of that is due to the fact that when these devices were designed, the idea of exposing them to the Internet was not in mind. However, now with this exposure, these devices and systems are considered easy prey to adversaries.
Resumo:
The invention of asymmetric encryption back in the seventies was a conceptual leap that vastly increased the expressive power of encryption of the times. For the first time, it allowed the sender of a message to designate the intended recipient in an cryptographic way, expressed as a “public key” that was related to but distinct from the “private key” that, alone, embodied the ability to decrypt. This made large-scale encryption a practical and scalable endeavour, and more than anything else—save the internet itself—led to the advent of electronic commerce as we know and practice it today.
Resumo:
Using Media-Access-Control (MAC) address for data collection and tracking is a capable and cost effective approach as the traditional ways such as surveys and video surveillance have numerous drawbacks and limitations. Positioning cell-phones by Global System for Mobile communication was considered an attack on people's privacy. MAC addresses just keep a unique log of a WiFi or Bluetooth enabled device for connecting to another device that has not potential privacy infringements. This paper presents the use of MAC address data collection approach for analysis of spatio-temporal dynamics of human in terms of shared space utilization. This paper firstly discuses the critical challenges and key benefits of MAC address data as a tracking technology for monitoring human movement. Here, proximity-based MAC address tracking is postulated as an effective methodology for analysing the complex spatio-temporal dynamics of human movements at shared zones such as lounge and office areas. A case study of university staff lounge area is described in detail and results indicates a significant added value of the methodology for human movement tracking. By analysis of MAC address data in the study area, clear statistics such as staff’s utilisation frequency, utilisation peak periods, and staff time spent is obtained. The analyses also reveal staff’s socialising profiles in terms of group and solo gathering. The paper is concluded with a discussion on why MAC address tracking offers significant advantages for tracking human behaviour in terms of shared space utilisation with respect to other and more prominent technologies, and outlines some of its remaining deficiencies.
Resumo:
INTRODUCTION CASES For a number of years, Professor Myles McGregor-Lowndes, Frances Hannah and Anne Overell have compiled one to two page summaries of cases involving nonprofit organisations and published them on The Australian Centre for Philanthropy and Nonprofit Studies, Developing Your Organisation (DYO) website.1 You can be alerted of new case summaries as they are posted to the DYO website by subscribing to the ACPNS RSS feed or the ACPNS twitter service.2 There were some very significant cases during 2013, such as Commissioner of Taxation v Cancer & Bowel Research Association (see case notes 2.8.2 and 2.8.11), The Hunger Project case which is under appeal, but could change the face of PBI jurisprudence (see case note 2.8.7) while Home Health Pty Ltd retained the PBI status quo but might have been different if appealed (see case note 2.8.8). For sheer interest there is nothing better in my 30 odd years of reading tax and charity judgements than case involving The Study and Prevention of Psychological Diseases Foundation Incorporated (see case note 2.1.1). It even rivals some of the more bizarre cases from the US jurisdiction of which St Joseph Abbey v Castille (case note 2.10.9) is certainly ‘dead centre’. A set of cases which stand out for attention are those involving New Zealand’s Christchurch Cathedral which anyone with responsibility for heritage-listed buildings should study carefully, for implications in relation to their own circumstances. A number of cases summarised in this Almanac are working their way through the appeals process and care should be taken with their application. In addition, some of the cases are from jurisdictions outside Australia, and readers should exercise caution when considering the implications of these cases for Australian law. LEGISLATION The Almanac includes a review of major statutory amendments during 2013, which are relevant to the nonprofit sector in all Australian jurisdictions. Special thanks must go to Nathan MacDonald and the JusticeConnect team for providing legislative updates for Victoria. SPECIAL ISSUES DURING 2013 A number of legal practitioners have contributed articles on significant legal issues facing nonprofit organisations: charitable trusts giving to government entities (Alice Macdougall); workplace bullying (Tim Longwill); and privacy (James Tan and Nina Brewer). WORLD ROUND-UP Major developments from the UK and Ireland (Kerry O’Halloran), Canada (Peter Broder), New Zealand (Michael Gousmett and Susan Barker) and Jamaica (Frances Hannah) are all summarised in a review of a significant part of the common law charity jurisdictions. WHAT DOES 2014 HOLD The final section moves from looking in the rear view mirror to peering out the front windscreen to discern the reform agenda. The view from the windscreen in 2013 was of considerable reform traffic at the Commonwealth level jostling for a place in the parliamentary agenda. This year is quite different with a smaller number of vehicles ahead, but the potential for significant impact.
Resumo:
The most widely used introduction to the Australian media, fully updated to reflect the increasing prominence of the internet in the communication and entertainment industries. Description Traditional media are being reshaped by digital technologies. The funding model for quality journalism has been undermined by the drift of advertising online, demarcations between different forms of media are rapidly fading, and audiences have fragmented. We can catch up with our favourite TV show on a tablet, social media can be more important than mainstream radio in a crisis, and organisations large and small have become publishers in their own right on apps. Nevertheless mainstream media remain powerful. The Media and Communications in Australia offers a systematic introduction to this dynamic field. Fully updated and revised to take account of recent developments, this fourth edition outlines the key media industries and explains how communications technologies are impacting on them. It provides a thorough overview of the main approaches taken in studying the media, and includes an expanded 'issues' section with new chapters on social media, gaming, apps, the environment, media regulation, ethics and privacy. With contributions from some of Australia's best researchers and teachers in the field, The Media and Communications in Australia remains the most comprehensive and reliable introduction to media and communications available. It is an ideal student text, and a reference for teachers of media and anyone interested in this influential industry.
Resumo:
At the end of the first decade of the twenty-first century, there is unprecedented awareness of the need for a transformation in development, to meet the needs of the present while also preserving the ability of future generations to meet their own needs. However, within engineering, educators still tend to regard such development as an ‘aspect’ of engineering rather than an overarching meta-context, with ad hoc and highly variable references to topics. Furthermore, within a milieu of interpretations there can appear to be conflicting needs for achieving sustainable development, which can be confusing for students and educators alike. Different articulations of sustainable development can create dilemmas around conflicting needs for designers and researchers, at the level of specific designs and (sub-) disciplinary analysis. Hence sustainability issues need to be addressed at a meta-level using a whole of system approach, so that decisions regarding these dilemmas can be made. With this appreciation, and in light of curriculum renewal challenges that also exist in engineering education, this paper considers how educators might take the next step to move from sustainable development being an interesting ‘aspect’ of the curriculum, to sustainable development as a meta-context for curriculum renewal. It is concluded that capacity building for such strategic considerations is critical in engineering education.
Resumo:
At the end of the first decade of the twenty-first century, there is unprecedented awareness of the need for a transformation in development, to meet the needs of the present while also preserving the ability of future generations to meet their own needs. However, within engineering, educators still tend to regard such development as an ‘aspect’ of engineering rather than an overarching meta-context, with ad hoc and highly variable references to topics. Furthermore, within a milieu of interpretations there can appear to be conflicting needs for achieving sustainable development, which can be confusing for students and educators alike. Different articulations of sustainable development can create dilemmas around conflicting needs for designers and researchers, at the level of specific designs and (sub-) disciplinary analysis. Hence sustainability issues need to be addressed at a meta-level using a whole of system approach, so that decisions regarding these dilemmas can be made. With this appreciation, and in light of curriculum renewal challenges that also exist in engineering education, this paper considers how educators might take the next step to move from sustainable development being an interesting ‘aspect’ of the curriculum, to sustainable development as a meta-context for curriculum renewal. It is concluded that capacity building for such strategic considerations is critical in engineering education.
Resumo:
This paper makes a formal security analysis of the current Australian e-passport implementation using model checking tools CASPER/CSP/FDR. We highlight security issues in the current implementation and identify new threats when an e-passport system is integrated with an automated processing system like SmartGate. The paper also provides a security analysis of the European Union (EU) proposal for Extended Access Control (EAC) that is intended to provide improved security in protecting biometric information of the e-passport bearer. The current e-passport specification fails to provide a list of adequate security goals that could be used for security evaluation. We fill this gap; we present a collection of security goals for evaluation of e-passport protocols. Our analysis confirms existing security weaknesses that were previously identified and shows that both the Australian e-passport implementation and the EU proposal fail to address many security and privacy aspects that are paramount in implementing a secure border control mechanism. ACM Classification C.2.2 (Communication/Networking and Information Technology – Network Protocols – Model Checking), D.2.4 (Software Engineering – Software/Program Verification – Formal Methods), D.4.6 (Operating Systems – Security and Privacy Protection – Authentication)
Resumo:
This paper presents ongoing work toward constructing efficient completely non-malleable public-key encryption scheme based on lattices in the standard (common reference string) model. An encryption scheme is completely non-malleable if it requires attackers to have negligible advantage, even if they are allowed to transform the public key under which the related message is encrypted. Ventre and Visconti proposed two inefficient constructions of completely non-malleable schemes, one in the common reference string model using non-interactive zero-knowledge proofs, and another using interactive encryption schemes. Recently, two efficient public-key encryption schemes have been proposed, both of them are based on pairing identity-based encryption.
Resumo:
A pseudonym provides anonymity by protecting the identity of a legitimate user. A user with a pseudonym can interact with an unknown entity and be confident that his/her identity is secret even if the other entity is dishonest. In this work, we present a system that allows users to create pseudonyms from a trusted master public-secret key pair. The proposed system is based on the intractability of factoring and finding square roots of a quadratic residue modulo a composite number, where the composite number is a product of two large primes. Our proposal is different from previously published pseudonym systems, as in addition to standard notion of protecting privacy of an user, our system offers colligation between seemingly independent pseudonyms. This new property when combined with a trusted platform that stores a master secret key is extremely beneficial to an user as it offers a convenient way to generate a large number of pseudonyms using relatively small storage.
Resumo:
Secure multi-party computation (MPC) protocols enable a set of n mutually distrusting participants P 1, ..., P n , each with their own private input x i , to compute a function Y = F(x 1, ..., x n ), such that at the end of the protocol, all participants learn the correct value of Y, while secrecy of the private inputs is maintained. Classical results in the unconditionally secure MPC indicate that in the presence of an active adversary, every function can be computed if and only if the number of corrupted participants, t a , is smaller than n/3. Relaxing the requirement of perfect secrecy and utilizing broadcast channels, one can improve this bound to t a < n/2. All existing MPC protocols assume that uncorrupted participants are truly honest, i.e., they are not even curious in learning other participant secret inputs. Based on this assumption, some MPC protocols are designed in such a way that after elimination of all misbehaving participants, the remaining ones learn all information in the system. This is not consistent with maintaining privacy of the participant inputs. Furthermore, an improvement of the classical results given by Fitzi, Hirt, and Maurer indicates that in addition to t a actively corrupted participants, the adversary may simultaneously corrupt some participants passively. This is in contrast to the assumption that participants who are not corrupted by an active adversary are truly honest. This paper examines the privacy of MPC protocols, and introduces the notion of an omnipresent adversary, which cannot be eliminated from the protocol. The omnipresent adversary can be either a passive, an active or a mixed one. We assume that up to a minority of participants who are not corrupted by an active adversary can be corrupted passively, with the restriction that at any time, the number of corrupted participants does not exceed a predetermined threshold. We will also show that the existence of a t-resilient protocol for a group of n participants, implies the existence of a t’-private protocol for a group of n′ participants. That is, the elimination of misbehaving participants from a t-resilient protocol leads to the decomposition of the protocol. Our adversary model stipulates that a MPC protocol never operates with a set of truly honest participants (which is a more realistic scenario). Therefore, privacy of all participants who properly follow the protocol will be maintained. We present a novel disqualification protocol to avoid a loss of privacy of participants who properly follow the protocol.
Resumo:
We consider the following problem: members in a dynamic group retrieve their encrypted data from an untrusted server based on keywords and without any loss of data confidentiality and member’s privacy. In this paper, we investigate common secure indices for conjunctive keyword-based retrieval over encrypted data, and construct an efficient scheme from Wang et al. dynamic accumulator, Nyberg combinatorial accumulator and Kiayias et al. public-key encryption system. The proposed scheme is trapdoorless and keyword-field free. The security is proved under the random oracle, decisional composite residuosity and extended strong RSA assumptions.
Resumo:
The first generation e-passport standard is proven to be insecure and prone to various attacks. To strengthen, the European Union (EU) has proposed an Extended Access Control (EAC) mechanism for e-passports that intends to provide better security in protecting biometric information of the e-passport bearer. But, our analysis shows, the EU proposal fails to address many security and privacy issues that are paramount in implementing a strong security mechanism. In this paper we propose an on-line authentication mechanism for electronic passports that addresses the weakness in existing implementations, of both The International Civil Aviation Organisation (ICAO) and EU. Our proposal utilises ICAO PKI implementation, thus requiring very little modifications to the existing infrastructure which is already well established.
Resumo:
Motivated by the need of private set operations in a distributed environment, we extend the two-party private matching problem proposed by Freedman, Nissim and Pinkas (FNP) at Eurocrypt’04 to the distributed setting. By using a secret sharing scheme, we provide a distributed solution of the FNP private matching called the distributed private matching. In our distributed private matching scheme, we use a polynomial to represent one party’s dataset as in FNP and then distribute the polynomial to multiple servers. We extend our solution to the distributed set intersection and the cardinality of the intersection, and further we show how to apply the distributed private matching in order to compute distributed subset relation. Our work extends the primitives of private matching and set intersection by Freedman et al. Our distributed construction might be of great value when the dataset is outsourced and its privacy is the main concern. In such cases, our distributed solutions keep the utility of those set operations while the dataset privacy is not compromised. Comparing with previous works, we achieve a more efficient solution in terms of computation. All protocols constructed in this paper are provably secure against a semi-honest adversary under the Decisional Diffie-Hellman assumption.
Resumo:
Preserving the integrity of the skin's outermost layer (the epidermis) is vital for humans to thrive in hostile surroundings. Covering the entire body, the epidermis forms a thin but impenetrable cellular cordon that repels external assaults and blocks escape of water and electrolytes from within. This structure exists in a perpetual state of regeneration where the production of new cellular subunits at the base of the epidermis is offset by the release of terminally differentiated corneocytes from the surface. It is becoming increasingly clear that proteases hold vital roles in assembling and maintaining the epidermal barrier. More than 30 proteases are expressed by keratinocytes or infiltrating immune cells and the activity of each must be maintained within narrow limits and confined to the correct time and place. Accordingly, over- or under-exertion of proteolytic activity is a common factor in a multitude of skin disorders that range in severity from relatively mild to life-threatening. This review explores the current state of knowledge on the involvement of proteases in skin diseases and the latest findings from proteomic and transcriptomic studies focused on uncovering novel (patho)physiological roles for these enzymes.
