176 resultados para security of supply
Resumo:
Non-linear feedback shift register (NLFSR) ciphers are cryptographic tools of choice of the industry especially for mobile communication. Their attractive feature is a high efficiency when implemented in hardware or software. However, the main problem of NLFSR ciphers is that their security is still not well investigated. The paper makes a progress in the study of the security of NLFSR ciphers. In particular, we show a distinguishing attack on linearly filtered NLFSR (or LF-NLFSR) ciphers. We extend the attack to a linear combination of LF-NLFSRs. We investigate the security of a modified version of the Grain stream cipher and show its vulnerability to both key recovery and distinguishing attacks.
Resumo:
“Supermax” prisons, conceived by the United States in the early 1980s, are typically reserved for convicted political criminals such as terrorists and spies and for other inmates who are considered to pose a serious ongoing threat to the wider community, to the security of correctional institutions, or to the safety of other inmates. Prisoners are usually restricted to their cells for up to twenty-three hours a day and typically have minimal contact with other inmates and correctional staff. Not only does the Federal Bureau of Prisons operate one of these facilities, but almost every state has either a supermax wing or stand-alone supermax prison. The Globalization of Supermax Prisons examines why nine advanced industrialized countries have adopted the supermax prototype, paying particular attention to the economic, social, and political processes that have affected each state. Featuring essays that look at the U.S.-run prisons of Abu Ghraib and Guantanemo, this collection seeks to determine if the American model is the basis for the establishment of these facilities and considers such issues as the support or opposition to the building of a supermax and why opposition efforts failed; the allegation of human rights abuses within these prisons; and the extent to which the decision to build a supermax was influenced by developments in the United States. Additionally, contributors address such domestic matters as the role of crime rates, media sensationalism, and terrorism in each country’s decision to build a supermax prison.
Resumo:
The last two decades have witnessed a fragmentation of previously integrated systems of production and service delivery with the advent of boundary-less, networked and porous organisational forms. This trend has been associated with the growth of outsourcing and increased use of contingent workers. One consequence of these changes is the development of production/service delivery systems based on complex national and international networks of multi-tiered subcontracting increasingly labelled as supply chains. A growing body of research indicates that subcontracting and contingent work arrangements affect design and decision-making processes in ways that can seriously undermine occupational health and safety (OHS). Elaborate supply chains also present a regulatory challenge because legal responsibility for OHS is diffused amongst a wider array of parties, targeting key decision-makers is more difficult, and government agencies encounter greater logistical difficulties trying to safeguard contingent workers. In a number of industries these problems have prompted new forms of regulatory intervention, including mechanisms for sheeting legal responsibility to the top of supply chains, contractual tracking devices and increasing industry, union and community involvement in enforcement. After describing the problems just alluded to this paper examines recent efforts to regulate supply chains to safeguard OHS in the United Kingdom and Australia.
Resumo:
This paper investigates how social and environmental non-government organisations (NGOs) use the news media in an endeavour to create changes in the social performance and associated accountabilities of multinational buying companies’ (MBCs’) supply chains located in the developing country of Bangladesh. In this research, we explicitly seek the views of senior officers from global and local NGOs operating in Bangladesh, as well as the views of journalists from major global and local news media organisations. Our results show that social and environmental NGOs strategically use the news media in an effort to effect changes in corporate labour practices and related disclosure practices. More particularly, both the NGOs and the news media representatives stated that NGOs would be relatively powerless to create change in corporate without media coverage. This is the first known study to specifically address the joint and complementary role of NGOs and the news media in potentially creating changes in the social and environmental operating and disclosure practices of supply chains emanating from a developing country.
Resumo:
Purpose – The purpose of this paper is to examine empirically, an industry development paradox, using embryonic literature in the area of strategic supply chain management, together with innovation management literature. This study seeks to understand how, forming strategic supply chain relationships, and developing strategic supply chain capability, influences beneficial supply chain outcomes expected from utilizing industry-led innovation, in the form of electronic business solutions using the internet, in the Australian beef industry. Findings should add valuable insights to both academics and practitioners in the fields of supply chain innovation management and strategic supply chain management, and expand knowledge to current literature. Design/methodology/approach – This is a quantitative study comparing innovative and non-innovative supply chain operatives in the Australian beef industry, through factor analysis and structural equation modeling using PAWS Statistical V18 and AMOS V18 to analyze survey data from 412 respondents from the Australian beef supply chain. Findings – Key findings are that both innovative and non-innovative supply chain operators attribute supply chain synchronization as only a minor indicator of strategic supply chain capability, contrary to the literature; and they also indicate strategic supply chain capability has a minor influence in achieving beneficial outcomes from utilizing industry-led innovation. These results suggest a lack of coordination between supply chain operatives in the industry. They also suggest a lack of understanding of the benefits of developing a strategic supply chain management competence, particularly in relation to innovation agendas, and provides valuable insights as to why an industry paradox exists in terms of the level of investment in industry-led innovation, vs the level of corresponding benefit achieved. Research limitations/implications – Results are not generalized due to the single agribusiness industry studied and the single research method employed. However, this provides opportunity for further agribusiness studies in this area and also studies using alternate methods, such as qualitative, in-depth analysis of these factors and their relationships, which may confirm results or produce different results. Further, this study empirically extends existing theoretical contributions and insights into the roles of strategic supply chain management and innovation management in improving supply chain and ultimately industry performance while providing practical insights to supply chain practitioners in this and other similar agribusiness industries. Practical implications – These findings confirm results from a 2007 research (Ketchen et al., 2007) which suggests supply chain practice and teachings need to take a strategic direction in the twenty-first century. To date, competence in supply chain management has built up from functional and process orientations rather than from a strategic perspective. This study confirms that there is a need for more generalists that can integrate with various disciplines, particularly those who can understand and implement strategic supply chain management. Social implications – Possible social implications accrue through the development of responsible government policy in terms of industry supply chains. Strategic supply chain management and supply chain innovation management have impacts to the social fabric of nations through the sustainability of their industries, especially agribusiness industries which deal with food safety and security. If supply chains are now the competitive weapon of nations then funding innovation and managing their supply chain competitiveness in global markets requires a strategic approach from everyone, not just the industry participants. Originality/value – This is original empirical research, seeking to add value to embryonic and important developing literature concerned with adopting a strategic approach to supply chain management. It also seeks to add to existing literature in the area of innovation management, particularly through greater understanding of the implications of nations developing industry-wide, industry-led innovation agendas, and their ramifications to industry supply chains.
Resumo:
At CRYPTO 2006, Halevi and Krawczyk proposed two randomized hash function modes and analyzed the security of digital signature algorithms based on these constructions. They showed that the security of signature schemes based on the two randomized hash function modes relies on properties similar to the second preimage resistance rather than on the collision resistance property of the hash functions. One of the randomized hash function modes was named the RMX hash function mode and was recommended for practical purposes. The National Institute of Standards and Technology (NIST), USA standardized a variant of the RMX hash function mode and published this standard in the Special Publication (SP) 800-106. In this article, we first discuss a generic online birthday existential forgery attack of Dang and Perlner on the RMX-hash-then-sign schemes. We show that a variant of this attack can be applied to forge the other randomize-hash-then-sign schemes. We point out practical limitations of the generic forgery attack on the RMX-hash-then-sign schemes. We then show that these limitations can be overcome for the RMX-hash-then-sign schemes if it is easy to find fixed points for the underlying compression functions, such as for the Davies-Meyer construction used in the popular hash functions such as MD5 designed by Rivest and the SHA family of hash functions designed by the National Security Agency (NSA), USA and published by NIST in the Federal Information Processing Standards (FIPS). We show an online birthday forgery attack on this class of signatures by using a variant of Dean’s method of finding fixed point expandable messages for hash functions based on the Davies-Meyer construction. This forgery attack is also applicable to signature schemes based on the variant of RMX standardized by NIST in SP 800-106. We discuss some important applications of our attacks and discuss their applicability on signature schemes based on hash functions with ‘built-in’ randomization. Finally, we compare our attacks on randomize-hash-then-sign schemes with the generic forgery attacks on the standard hash-based message authentication code (HMAC).
Resumo:
Climate change is one of the most important issues confronting the sustainable supply of seafood, with projections suggesting major effects on wild and farmed fisheries worldwide. While climate change has been a consideration for Australian fisheries and aquaculture management, emphasis in both research and adaptation effort has been at the production end of supply chains—impacts further along the chain have been overlooked to date. A holistic biophysical and socio-economic system view of seafood industries, as represented by end-to-end supply chains, may lead to an additional set of options in the face of climate change, thus maximizing opportunities for improved fishery profitability, while also reducing the potential for maladaptation. In this paper, we explore Australian seafood industry stakeholder perspectives on potential options for adaptation along seafood supply chains based on future potential scenarios. Stakeholders, representing wild capture and aquaculture industries, provided a range of actions targeting different stages of the supply chain. Overall, proposed strategies were predominantly related to the production end of the supply chain, suggesting that greater attention in developing adaptation options is needed at post-production stages. However, there are chain-wide adaptation strategies that can present win–win scenarios, where commercial objectives beyond adaptation can also be addressed alongside direct or indirect impacts of climate. Likewise, certain adaptation strategies in place at one stage of the chain may have varying implications on other stages of the chain. These findings represent an important step in understanding the role of supply chains in effective adaptation of fisheries and aquaculture industries to climate change.
Resumo:
Cannabis is the most prolifically used illicit drug in Australia, however, there is a gap in our understanding concerning the social interactions and friendships formed around its supply and use. The authors recruited cannabis users aged between 18 and 30 years throughout Australia, to explore the impact of supply routes on young users and their perceived notions of drug dealing in order to provide valuable insight into the influence that reciprocal relationships have on young people’s access to cannabis. Findings reveal that the supply of cannabis revolves around pre-existing connections and relationships formed through associates known to be able to readily source cannabis. It was found that motivations for proffering cannabis in a shared environment were related more to developing social capital than to generating financial gain. Given this, often those involved in supply do not perceive that they are breaking the law or that they are ‘dealers’. This social supply market appears to be built on trust and social interactions and, as such, presents several challenges to law enforcement. It is suggested that there would be benefit in providing targeted education campaigns to combat social supply dealing among young adults.
Resumo:
While cannabis is the most prolifically used illicit drug in Australia, there is a gap in our understanding concerning the social interactions and friendships formed around its supply and use. The authors recruited cannabis users aged between 18 and 30 years throughout Australia, to explore the impact of supply routes on young users and their perceived notions of drug dealing in order to provide valuable insight into the influence that reciprocal relationships have on young people’s access to cannabis. Findings reveal that the supply of cannabis revolves around pre-existing connections and relationships formed through associates known to be able to readily source cannabis. It was found that motivations for proffering cannabis in a shared environment were related more to developing social capital than to generating financial gain. Given this, often those involved in supply do not perceive that they are breaking the law or that they are ‘dealers’. This social supply market appears to be built on trust and social interactions and, as such, presents several challenges to law enforcement. It is suggested that there would be benefit in providing targeted education campaigns to combat social supply dealing among young adults.
Resumo:
This thesis evaluates the security of Supervisory Control and Data Acquisition (SCADA) systems, which are one of the key foundations of many critical infrastructures. Specifically, it examines one of the standardised SCADA protocols called the Distributed Network Protocol Version 3, which attempts to provide a security mechanism to ensure that messages transmitted between devices, are adequately secured from rogue applications. To achieve this, the thesis applies formal methods from theoretical computer science to formally analyse the correctness of the protocol.
Resumo:
Denial-of-service attacks (DoS) and distributed denial-of-service attacks (DDoS) attempt to temporarily disrupt users or computer resources to cause service un- availability to legitimate users in the internetworking system. The most common type of DoS attack occurs when adversaries °ood a large amount of bogus data to interfere or disrupt the service on the server. The attack can be either a single-source attack, which originates at only one host, or a multi-source attack, in which multiple hosts coordinate to °ood a large number of packets to the server. Cryptographic mechanisms in authentication schemes are an example ap- proach to help the server to validate malicious tra±c. Since authentication in key establishment protocols requires the veri¯er to spend some resources before successfully detecting the bogus messages, adversaries might be able to exploit this °aw to mount an attack to overwhelm the server resources. The attacker is able to perform this kind of attack because many key establishment protocols incorporate strong authentication at the beginning phase before they can iden- tify the attacks. This is an example of DoS threats in most key establishment protocols because they have been implemented to support con¯dentiality and data integrity, but do not carefully consider other security objectives, such as availability. The main objective of this research is to design denial-of-service resistant mechanisms in key establishment protocols. In particular, we focus on the design of cryptographic protocols related to key establishment protocols that implement client puzzles to protect the server against resource exhaustion attacks. Another objective is to extend formal analysis techniques to include DoS- resistance. Basically, the formal analysis approach is used not only to analyse and verify the security of a cryptographic scheme carefully but also to help in the design stage of new protocols with a high level of security guarantee. In this research, we focus on an analysis technique of Meadows' cost-based framework, and we implement DoS-resistant model using Coloured Petri Nets. Meadows' cost-based framework is directly proposed to assess denial-of-service vulnerabil- ities in the cryptographic protocols using mathematical proof, while Coloured Petri Nets is used to model and verify the communication protocols using inter- active simulations. In addition, Coloured Petri Nets are able to help the protocol designer to clarify and reduce some inconsistency of the protocol speci¯cation. Therefore, the second objective of this research is to explore vulnerabilities in existing DoS-resistant protocols, as well as extend a formal analysis approach to our new framework for improving DoS-resistance and evaluating the performance of the new proposed mechanism. In summary, the speci¯c outcomes of this research include following results; 1. A taxonomy of denial-of-service resistant strategies and techniques used in key establishment protocols; 2. A critical analysis of existing DoS-resistant key exchange and key estab- lishment protocols; 3. An implementation of Meadows's cost-based framework using Coloured Petri Nets for modelling and evaluating DoS-resistant protocols; and 4. A development of new e±cient and practical DoS-resistant mechanisms to improve the resistance to denial-of-service attacks in key establishment protocols.
Resumo:
LEX is a stream cipher that progressed to Phase 3 of the eSTREAM stream cipher project. In this paper, we show that the security of LEX against algebraic attacks relies on a small equation system not being solvable faster than exhaustive search. We use the byte leakage in LEX to construct a system of 21 equa- tions in 17 variables. This is very close to the require- ment for an efficient attack, i.e. a system containing 16 variables. The system requires only 36 bytes of keystream, which is very low.
Resumo:
Measuring quality attributes of object-oriented designs (e.g. maintainability and performance) has been covered by a number of studies. However, these studies have not considered security as much as other quality attributes. Also, most security studies focus at the level of individual program statements. This approach makes it hard and expensive to discover and fix vulnerabilities caused by design errors. In this work, we focus on the security design of an object oriented application and define a number of security metrics. These metrics allow designers to discover and fix security vulnerabilities at an early stage, and help compare the security of various alternative designs. In particular, we propose seven security metrics to measure Data Encapsulation (accessibility) and Cohesion (interactions) of a given object-oriented class from the point of view of potential information flow.
Resumo:
This report focuses on risk-assessment practices in the private rental market, with particular consideration of their impact on low-income renters. It is based on the fieldwork undertaken in the second stage of the research process that followed completion of the Positioning Paper. The key research question this study addressed was: What are the various factors included in ‘risk-assessments’ by real estate agents in allocating ‘affordable’ tenancies? How are these risks quantified and managed? What are the key outcomes of their decision-making? The study builds on previous research demonstrating that a relatively large proportion of low-cost private rental accommodation is occupied by moderate- to high-income households (Wulff and Yates 2001; Seelig 2001; Yates et al. 2004). This is occurring in an environment where the private rental sector is now the de facto main provider of rental housing for lower-income households across Australia (Seelig et al. 2005) and where a number of factors are implicated in patterns of ‘income–rent mismatching’. These include ongoing shifts in public housing assistance; issues concerning eligibility for rent assistance; ‘supply’ factors, such as loss of low-cost rental stock through upgrading and/or transfer to owner-occupied housing; patterns of supply and demand driven largely by middle- to high-income owner-investors and renters; and patterns of housing need among low-income households for whom affordable housing is not appropriate. In formulating a way of approaching the analysis of ‘risk-assessment’ in rental housing management, this study has applied three sociological perspectives on risk: Beck’s (1992) formulation of risk society as entailing processes of ‘individualisation’; a socio-cultural perspective which emphasises the situated nature of perceptions of risk; and a perspective which has drawn attention to different modes of institutional governance of subjects, as ‘carriers of specific indicators of risk’. The private rental market was viewed as a social institution, and the research strategy was informed by ‘institutional ethnography’ as a method of enquiry. The study was based on interviews with property managers, real estate industry representatives, tenant advocates and community housing providers. The primary focus of inquiry was on ‘the moment of allocation’. Six local areas across metropolitan and regional Queensland, New South Wales, and South Australia were selected as case study localities. In terms of the main findings, it is evident that access to private rental housing is not just a matter of ‘supply and demand’. It is also about assessment of risk among applicants. Risk – perceived or actual – is thus a critical factor in deciding who gets housed, and how. Risk and its assessment matter in the context of housing provision and in the development of policy responses. The outcomes from this study also highlight a number of salient points: 1.There are two principal forms of risk associated with property management: financial risk and risk of litigation. 2. Certain tenant characteristics and/or circumstances – ability to pay and ability to care for the rented property – are the main factors focused on in assessing risk among applicants for rental housing. Signals of either ‘(in)ability to pay’ and/or ‘(in)ability to care for the property’ are almost always interpreted as markers of high levels of risk. 3. The processing of tenancy applications entails a complex and variable mix of formal and informal strategies of risk-assessment and allocation where sorting (out), ranking, discriminating and handing over characterise the process. 4. In the eyes of property managers, ‘suitable’ tenants can be conceptualised as those who are resourceful, reputable, competent, strategic and presentable. 5. Property managers clearly articulated concern about risks entailed in a number of characteristics or situations. Being on a low income was the principal and overarching factor which agents considered. Others included: - unemployment - ‘big’ families; sole parent families - domestic violence - marital breakdown - shift from home ownership to private rental - Aboriginality and specific ethnicities - physical incapacity - aspects of ‘presentation’. The financial vulnerability of applicants in these groups can be invoked, alongside expressed concerns about compromised capacities to manage income and/or ‘care for’ the property, as legitimate grounds for rejection or a lower ranking. 6. At the level of face-to-face interaction between the property manager and applicants, more intuitive assessments of risk based upon past experience or ‘gut feelings’ come into play. These judgements are interwoven with more systematic procedures of tenant selection. The findings suggest that considerable ‘risk’ is associated with low-income status, either directly or insofar as it is associated with other forms of perceived risk, and that such risks are likely to impede access to the professionally managed private rental market. Detailed analysis suggests that opportunities for access to housing by low-income householders also arise where, for example: - the ‘local experience’ of an agency and/or property manager works in favour of particular applicants - applicants can demonstrate available social support and financial guarantors - an applicant’s preference or need for longer-term rental is seen to provide a level of financial security for the landlord - applicants are prepared to agree to specific, more stringent conditions for inspection of properties and review of contracts - the particular circumstances and motivations of landlords lead them to consider a wider range of applicants - In particular circumstances, property managers are prepared to give special consideration to applicants who appear worthy, albeit ‘risky’. The strategic actions of demonstrating and documenting on the part of vulnerable (low-income) tenant applicants can improve their chances of being perceived as resourceful, capable and ‘savvy’. Such actions are significant because they help to persuade property managers not only that the applicant may have sufficient resources (personal and material) but that they accept that the onus is on themselves to show they are reputable, and that they have valued ‘competencies’ and understand ‘how the system works’. The parameters of the market do shape the processes of risk-assessment and, ultimately, the strategic relation of power between property manager and the tenant applicant. Low vacancy rates and limited supply of lower-cost rental stock, in all areas, mean that there are many more tenant applicants than available properties, creating a highly competitive environment for applicants. The fundamental problem of supply is an aspect of the market that severely limits the chances of access to appropriate and affordable housing for low-income rental housing applicants. There is recognition of the impact of this problem of supply. The study indicates three main directions for future focus in policy and program development: providing appropriate supports to tenants to access and sustain private rental housing, addressing issues of discrimination and privacy arising in the processes of selecting suitable tenants, and addressing problems of supply.
Resumo:
Surveillance networks are typically monitored by a few people, viewing several monitors displaying the camera feeds. It is then very difficult for a human operator to effectively detect events as they happen. Recently, computer vision research has begun to address ways to automatically process some of this data, to assist human operators. Object tracking, event recognition, crowd analysis and human identification at a distance are being pursued as a means to aid human operators and improve the security of areas such as transport hubs. The task of object tracking is key to the effective use of more advanced technologies. To recognize an event people and objects must be tracked. Tracking also enhances the performance of tasks such as crowd analysis or human identification. Before an object can be tracked, it must be detected. Motion segmentation techniques, widely employed in tracking systems, produce a binary image in which objects can be located. However, these techniques are prone to errors caused by shadows and lighting changes. Detection routines often fail, either due to erroneous motion caused by noise and lighting effects, or due to the detection routines being unable to split occluded regions into their component objects. Particle filters can be used as a self contained tracking system, and make it unnecessary for the task of detection to be carried out separately except for an initial (often manual) detection to initialise the filter. Particle filters use one or more extracted features to evaluate the likelihood of an object existing at a given point each frame. Such systems however do not easily allow for multiple objects to be tracked robustly, and do not explicitly maintain the identity of tracked objects. This dissertation investigates improvements to the performance of object tracking algorithms through improved motion segmentation and the use of a particle filter. A novel hybrid motion segmentation / optical flow algorithm, capable of simultaneously extracting multiple layers of foreground and optical flow in surveillance video frames is proposed. The algorithm is shown to perform well in the presence of adverse lighting conditions, and the optical flow is capable of extracting a moving object. The proposed algorithm is integrated within a tracking system and evaluated using the ETISEO (Evaluation du Traitement et de lInterpretation de Sequences vidEO - Evaluation for video understanding) database, and significant improvement in detection and tracking performance is demonstrated when compared to a baseline system. A Scalable Condensation Filter (SCF), a particle filter designed to work within an existing tracking system, is also developed. The creation and deletion of modes and maintenance of identity is handled by the underlying tracking system; and the tracking system is able to benefit from the improved performance in uncertain conditions arising from occlusion and noise provided by a particle filter. The system is evaluated using the ETISEO database. The dissertation then investigates fusion schemes for multi-spectral tracking systems. Four fusion schemes for combining a thermal and visual colour modality are evaluated using the OTCBVS (Object Tracking and Classification in and Beyond the Visible Spectrum) database. It is shown that a middle fusion scheme yields the best results and demonstrates a significant improvement in performance when compared to a system using either mode individually. Findings from the thesis contribute to improve the performance of semi-automated video processing and therefore improve security in areas under surveillance.
