479 results for security governance


Relevance:

20.00% 20.00%

Publisher:

Abstract:

Urban public spaces are sutured with a range of surveillance and sensor technologies that claim to enable new forms of ‘data based citizen participation’, but also increase the tendency for ‘function-creep’, whereby vast amounts of data are gathered, stored and analysed in a broad application of urban surveillance. This kind of monitoring and capacity for surveillance connects with attempts by civic authorities to regulate, restrict, rebrand and reframe urban public spaces. A direct consequence of the increasingly security driven, policed, privatised and surveilled nature of public space is the exclusion or ‘unfavourable inclusion’ of those considered flawed and unwelcome in the ‘spectacular’ consumption spaces of many major urban centres. In the name of urban regeneration, programs of securitisation, ‘gentrification’ and ‘creative’ and ‘smart’ city initiatives refashion public space as sites of selective inclusion and exclusion. In this context of monitoring and control procedures, in particular, children and young people’s use of space in parks, neighbourhoods, shopping malls and streets is often viewed as a threat to the social order, requiring various forms of remedial action. This paper suggests that cities, places and spaces and those who seek to use them, can be resilient in working to maintain and extend democratic freedoms and processes enshrined in Marshall’s concept of citizenship, calling sensor and surveillance systems to account. Such accountability could better inform the implementation of public policy around the design, build and governance of public space and also understandings of urban citizenship in the sensor saturated urban environment.

Relevance:

20.00% 20.00%

Publisher:

Abstract:

Urban public spaces are sutured with a range of surveillance and sensor technologies that claim to enable new forms of ‘data based citizen participation’, but also increase the tendency for ‘function-creep’, whereby vast amounts of data are gathered, stored and analysed in a broad application of urban surveillance. This kind of monitoring and capacity for surveillance connects with attempts by civic authorities to regulate, restrict, rebrand and reframe urban public spaces. A direct consequence of the increasingly security driven, policed, privatised and surveilled nature of public space is the exclusion or ‘unfavourable inclusion’ of those considered flawed and unwelcome in the ‘spectacular’ consumption spaces of many major urban centres. This paper suggests that cities, places and spaces and those who seek to use them, can be resilient in working to maintain and extend democratic freedoms and processes enshrined in Marshall’s concept of citizenship, calling sensor and surveillance systems to account. Such accountability could better inform the implementation of public policy around the design, build and governance of public space and also understandings of urban citizenship in the sensor saturated urban environment.

Relevance:

20.00% 20.00%

Publisher:

Abstract:

In Australia, collaborative contracts have been increasingly used to govern infrastructure projects. These contracts combine formal and informal mechanisms to manage project delivery. Formal mechanisms (e.g. financial risk sharing) are specified in the contract, while informal mechanisms (e.g. integrated team) are not. The paper reports on a literature review to operationalise the concepts of formal and informal governance, as the literature contains a multiplicity of, often un-testable, definitions. This work is the first phase of a study that will examine the optimal balance of formal and informal governance structures. Desk-top review of leading journals in the areas of construction management and business management, as well as recent government documents and industry guidelines, was undertaken to conceptualise and operationalise formal and informal governance mechanisms. The study primarily draws on transaction-cost economics (e.g. Williamson 1979; 1991), relational contract theory (Feinman 2000; Macneil 2000) and social psychology theory (e.g. Gulati 1995). Content analysis of the literature was undertaken to identify key governance mechanisms. Content analysis is a commonly used methodology in the social sciences area. It provides rich data through the systematic and objective review of literature (Krippendorff 2004). NVivo 9, a qualitative data analysis software package, was used to assist in this process. Formal governance mechanisms were found to be usefully broken down into four measurable categories: (1) target cost arrangement; (2) financial risk and reward sharing regime; (3) transparent financials; and (4) collaborative multi-party agreement. Informal governance mechanisms were found to be usefully broken down into three measurable categories: (1) leadership structure; (2) integrated team; and (3) joint management system. We expect these categories to effectively capture the key governance drivers of outcomes on infrastructure projects. These categories will be further refined and broken down into individual governance mechanisms for assessment through a large-scale Australian survey planned for late 2012. These individual mechanisms will feature in the questionnaire that QUT will deliver to AAA in October 2012.

Relevance:

20.00% 20.00%

Publisher:

Abstract:

Modern portfolio theory suggests that investors minimize risk for a given level of expected return by carefully choosing the proportions of various assets. This study sets out to determine the role of the institutional investor in monitoring risk and firm performance. Using a sample of Australian firms from 2006 to 2008, our empirical study shows a positive association between firm-specific risk, risk-management policy, and performance for firms with increasing institutional shareholdings. The study also finds that the significance of this association depends on the institutional investor's ability to influence management, which in turn depends on the size of ownership and whether the investee firm does not have potential business dealings with the investor. We also find that when firms are financially distressed, institutional investors engage in promoting short-term performance or exit rather than support long-term value creation. The results are robust while controlling the potential for endogeneity and using sensitivity tests to control for variants of performance and risk. These findings add to the growing body of literature examining institutional ownership and the importance of understanding the role of risk-management in the risk and return relation.

Relevance:

20.00% 20.00%

Publisher:

Abstract:

This thesis is an investigation of the fields of leadership and corporate governance in the context of workplace safety. The research has made a contribution by defining four criteria of safety leadership and applying these criteria to board members, senior executives and written communications. The thesis outlines the findings of two studies; the first is an analysis of public disclosures in ASX200 annual reports and CSR reports, and the second comprises two case studies of large Australian companies including interviews with board members and senior executives. The concept of safety governance is defined and a safety governance framework is developed.

Relevance:

20.00% 20.00%

Publisher:

Abstract:

In this paper, the security of two recent RFID mutual authentication protocols is investigated. The first protocol is a scheme proposed by Huang et al. [7] and the second one by Huang, Lin and Li [6]. We show that these two protocols have several weaknesses. In Huang et al.’s scheme, an adversary can determine the 32-bit secret password with a probability of $2^{-2}$, and in the Huang-Lin-Li scheme, a passive adversary can recognize a target tag with a success probability of $1-2^{-4}$ and an active adversary can determine all 32 bits of the Access password with a success probability of $2^{-4}$. The computational complexity of these attacks is negligible.

Relevance:

20.00% 20.00%

Publisher:

Abstract:

In this paper, we observe that in the seminal work on indifferentiability analysis of iterated hash functions by Coron et al. and in subsequent works, the initial value (IV) of hash functions is fixed. In addition, these indifferentiability results do not depend on the Merkle–Damgård (MD) strengthening in the padding functionality of the hash functions. We propose a generic n-bit iterated hash function framework based on an n-bit compression function called suffix-free-prefix-free (SFPF) that works for arbitrary IVs and does not possess MD strengthening. We formally prove that SFPF is indifferentiable from a random oracle (RO) when the compression function is viewed as a fixed input-length random oracle (FIL-RO). We show that some hash function constructions proposed in the literature fit in the SFPF framework while others that do not fit in this framework are not indifferentiable from a RO. We also show that the SFPF hash function framework with the provision of MD strengthening generalizes any n-bit iterated hash function based on an n-bit compression function and with an n-bit chaining value that is proven indifferentiable from a RO.

Relevance:

20.00% 20.00%

Publisher:

Abstract:

At CRYPTO 2006, Halevi and Krawczyk proposed two randomized hash function modes and analyzed the security of digital signature algorithms based on these constructions. They showed that the security of signature schemes based on the two randomized hash function modes relies on properties similar to the second preimage resistance rather than on the collision resistance property of the hash functions. One of the randomized hash function modes was named the RMX hash function mode and was recommended for practical purposes. The National Institute of Standards and Technology (NIST), USA standardized a variant of the RMX hash function mode and published this standard in the Special Publication (SP) 800-106. In this article, we first discuss a generic online birthday existential forgery attack of Dang and Perlner on the RMX-hash-then-sign schemes. We show that a variant of this attack can be applied to forge the other randomize-hash-then-sign schemes. We point out practical limitations of the generic forgery attack on the RMX-hash-then-sign schemes. We then show that these limitations can be overcome for the RMX-hash-then-sign schemes if it is easy to find fixed points for the underlying compression functions, such as for the Davies-Meyer construction used in the popular hash functions such as MD5 designed by Rivest and the SHA family of hash functions designed by the National Security Agency (NSA), USA and published by NIST in the Federal Information Processing Standards (FIPS). We show an online birthday forgery attack on this class of signatures by using a variant of Dean’s method of finding fixed point expandable messages for hash functions based on the Davies-Meyer construction. This forgery attack is also applicable to signature schemes based on the variant of RMX standardized by NIST in SP 800-106. We discuss some important applications of our attacks and discuss their applicability on signature schemes based on hash functions with ‘built-in’ randomization. 
Finally, we compare our attacks on randomize-hash-then-sign schemes with the generic forgery attacks on the standard hash-based message authentication code (HMAC).

Relevance:

20.00% 20.00%

Publisher:

Abstract:

We present some improved analytical results as part of the ongoing work on the analysis of the Fugue-256 hash function, a second round candidate in NIST’s SHA-3 competition. First we improve Aumasson and Phan’s integral distinguisher on the 5.5 rounds of the final transformation of Fugue-256 to 16.5 rounds. Next we improve the designers’ meet-in-the-middle preimage attack on Fugue-256 from $2^{480}$ time and memory to $2^{416}$. Finally, we comment on possible methods to obtain free-start distinguishers and free-start collisions for Fugue-256.

Relevance:

20.00% 20.00%

Publisher:

Abstract:

Halevi and Krawczyk proposed a message randomization algorithm called RMX as a front-end tool to the hash-then-sign digital signature schemes such as DSS and RSA in order to free their reliance on the collision resistance property of the hash functions. They have shown that to forge an RMX-hash-then-sign signature scheme, one has to solve a cryptanalytical task which is related to finding second preimages for the hash function. In this article, we will show how to use Dean’s method of finding expandable messages for finding a second preimage in the Merkle-Damgård hash function to existentially forge a signature scheme based on a t-bit RMX-hash function which uses the Davies-Meyer compression functions (e.g., MD4, MD5, SHA family) in $2^{t/2}$ chosen messages plus $2^{t/2+1}$ off-line operations of the compression function and a similar amount of memory. This forgery attack also works on the signature schemes that use Davies-Meyer schemes and a variant of RMX published by NIST in its Draft Special Publication (SP) 800-106. We discuss some important applications of our attack.

Relevance:

20.00% 20.00%

Publisher:

Abstract:

Protection of passwords used to authenticate computer systems and networks is one of the most important applications of cryptographic hash functions. Due to the application of precomputed memory look up attacks such as birthday and dictionary attacks on the hash values of passwords to find passwords, it is usually recommended to apply the hash function to the combination of both the salt and password, denoted salt||password, to prevent these attacks. In this paper, we present the first security analysis of the salt||password hashing application. We show that when hash functions based on compression functions with easily found fixed points are used to compute the salt||password hashes, these hashes are susceptible to precomputed offline birthday attacks. For example, this attack is applicable to the salt||password hashes computed using standard hash functions such as MD5, SHA-1, SHA-256 and SHA-512 that are based on the popular Davies-Meyer compression function. This attack exposes a subtle property of this application: although the provision of salt prevents an attacker from finding passwords, salts prefixed to the passwords do not prevent an attacker from doing a precomputed birthday attack to forge an unknown password. In this forgery attack, we demonstrate the possibility of building multiple passwords for an unknown password for the same hash value and salt. Interestingly, password||salt (i.e. salts suffixed to the passwords) hashes computed using Davies-Meyer hash functions are not susceptible to this attack, showing the first security gap between the prefix-salt and suffix-salt methods of hashing passwords.

Relevance:

20.00% 20.00%

Publisher:

Abstract:

Healthy governance systems are key to delivering effective outcomes in any broad domain of natural resource management (NRM). One of Australia's emerging NRM governance domains is our national framework for greenhouse gas abatement (GGA), as delivered through a wide range of management practices in the Australian landscape. The emerging Landscape-Based GGA Domain represents an innovative governance space that straddles both the nation's broader NRM Policy and Delivery Domain and Australia's GGA Domain. As a point-in-time benchmark, we assess the health of this hybrid domain as it stood at the end of 2013. At that time, the domain was being progressed through the Australian government's Clean Energy Package and, more particularly, its Carbon Farming Initiative (CFI). While significant changes are currently under development by a new Australian government, this paper explores key areas of risk within the governance system underpinning this emerging hybrid domain at that point in time. We then map some potential reform or continuous improvement pathways required (from national to paddock scale) with the view to securing improved landscape outcomes over time through widespread GGA activities.

Relevance:

20.00% 20.00%

Publisher:

Abstract:

The competent leadership and governance of digital transformation needs to involve the board of directors. The reported lack of such capability in boards is becoming a pressing issue. Underpinning leadership in such transformation are the competencies to effectively govern Enterprise Technology (ETG). In this paper we take the position that ETG competencies are essential in boards because competent enterprise business technology governance has been shown to contribute to increased revenue, profit, and returns. We report the industry validation processes of a set of three board-of-director competencies needed for effective ETG related to strategy and planning; investment and risk; and, innovation and value creation. We conclude that gaps in board ETG competence remain.

Relevance:

20.00% 20.00%

Publisher:

Abstract:

Australia’s governance of land and natural resources involves multiple polycentric domains of decision-making from global through to local levels. Although certainly complex, these arrangements have not necessarily translated into better decision-making or better environmental outcomes, as evidenced by the growing concerns over the health and future of the Great Barrier Reef (GBR). However, within this system, arrangements for natural resource management (NRM) and reef water quality, which both use Australia’s integrated regional NRM model, have shown signs of improving decision-making and environmental outcomes in the GBR. In this paper we describe the latest evolutions in the governance and planning for natural resource use and management in Australia. We begin by reviewing the experience with first generation NRM as published in major audits and evaluations. As our primary interest is the health and future of the GBR, we then consider the impact of changes of second generation planning and governance outcomes in Queensland. We find that first generation plans, although developed under a relatively cohesive governance context, faced substantial problems in target setting, implementation, monitoring and review. Despite this, they were able to progress improvements in water quality in the Great Barrier Reef Regions. Second generation plans, currently being developed, face an even greater risk of failure due to the lack of bilateralism and cross-sectoral cooperation across the NRM governance system. The findings highlight the critical need to re-build and enhance the regional NRM model for NRM planning to have a positive impact on environmental outcomes in the GBR.