Women, peace and security as an ASEAN priority

The Association of South East Asian Nations (ASEAN) Secretariat and its member states have repeatedly professed their commitment to the protection and advancement of women’s economic and human rights. Such commitments have included the Declaration on the Advancement of Women in ASEAN in 1988, the ASEAN Declaration on the Elimination of Violence Against Women in 2004, and the ASEAN Declaration of Human Rights in 2012, as well as the establishment of the ASEAN Committee on Women in 2002 and the ASEAN Commission on the Promotion and Protection of Women and Children in 2009. However, none of these regional commitments or institutions expressly take up the core concern of the Women, Peace and Security (WPS) agenda set out in United Nations Security Council (UNSC) Resolution 1325 in 2000. ASEAN has no 1325 regional action plan and amongst the ASEAN membership, the Philippines is the only state that has adopted a 1325 National Action Plan (NAP). We explore the possible reasons for lack of ASEAN institutional engagement with 1325, outline the case for regional engagement, and suggest specific roles for ASEAN Secretariat, donor governments and individual member states to commit to UNSCR 1325 as a regional priority.

National security and pandemics

Pandemics are for the most part disease outbreaks that become widespread as a result of the spread of human-to-human infection. Beyond the debilitating, sometimes fatal, consequences for those directly affected, pandemics have a range of negative social, economic and political consequences. These tend to be greater where the pandemic is a novel pathogen, has a high mortality and/or hospitalization rate and is easily spread. According to Lee Jong-wook, former Director-General of the World Health Organization (WHO), pandemics do not respect international borders. Therefore, they have the potential to weaken many societies, political systems and economies simultaneously.

1st International Workshop on Secure and Privacy-Aware Information Management in eHealth

Information security and privacy in the healthcare domain is a complex and challenging problem for computer scientists, social scientists, law experts and policy makers. Appropriate healthcare provision requires specialized knowledge, is information intensive and much patient information is of a particularly sensitive nature. Electronic health record systems provide opportunities for information sharing which may enhance healthcare services, for both individuals and populations. However, appropriate information management measures are essential for privacy preservation...

Dataset validation within big data security architecture

In recent years, increasing focus has been made on making good business decisions utilizing the product of data analysis. With the advent of the Big Data phenomenon, this is even more apparent than ever before. But the question is how can organizations trust decisions made on the basis of results obtained from analysis of untrusted data? Assurances and trust that data and datasets that inform these decisions have not been tainted by outside agency. This study will propose enabling the authentication of datasets specifically by the extension of the RESTful architectural scheme to include authentication parameters while operating within a larger holistic security framework architecture or model compliant to legislation.

The suffix-free-prefix-free hash function construction and its indifferentiability security analysis

In this paper, we observe that in the seminal work on indifferentiability analysis of iterated hash functions by Coron et al. and in subsequent works, the initial value (IV) of hash functions is fixed. In addition, these indifferentiability results do not depend on the Merkle–Damgård (MD) strengthening in the padding functionality of the hash functions. We propose a generic n -bit-iterated hash function framework based on an n -bit compression function called suffix-free-prefix-free (SFPF) that works for arbitrary IV s and does not possess MD strengthening. We formally prove that SFPF is indifferentiable from a random oracle (RO) when the compression function is viewed as a fixed input-length random oracle (FIL-RO). We show that some hash function constructions proposed in the literature fit in the SFPF framework while others that do not fit in this framework are not indifferentiable from a RO. We also show that the SFPF hash function framework with the provision of MD strengthening generalizes any n -bit-iterated hash function based on an n -bit compression function and with an n -bit chaining value that is proven indifferentiable from a RO.

Security Analysis of salt||password Hashes

Protection of passwords used to authenticate computer systems and networks is one of the most important application of cryptographic hash functions. Due to the application of precomputed memory look up attacks such as birthday and dictionary attacks on the hash values of passwords to find passwords, it is usually recommended to apply hash function to the combination of both the salt and password, denoted salt||password, to prevent these attacks. In this paper, we present the first security analysis of salt||password hashing application. We show that when hash functions based on the compression functions with easily found fixed points are used to compute the salt||password hashes, these hashes are susceptible to precomputed offline birthday attacks. For example, this attack is applicable to the salt||password hashes computed using the standard hash functions such as MD5, SHA-1, SHA-256 and SHA-512 that are based on the popular Davies-Meyer compression function. This attack exposes a subtle property of this application that although the provision of salt prevents an attacker from finding passwords, salts prefixed to the passwords do not prevent an attacker from doing a precomputed birthday attack to forge an unknown password. In this forgery attack, we demonstrate the possibility of building multiple passwords for an unknown password for the same hash value and salt. Interestingly, password||salt (i.e. salts suffixed to the passwords) hashes computed using Davies-Meyer hash functions are not susceptible to this attack, showing the first security gap between the prefix-salt and suffix-salt methods of hashing passwords.

Safety envelope for security

We present an approach for detecting sensor spoofing attacks on a cyber-physical system. Our approach consists of two steps. In the first step, we construct a safety envelope of the system. Under nominal conditions (that is, when there are no attacks), the system always stays inside its safety envelope. In the second step, we build an attack detector: a monitor that executes synchronously with the system and raises an alarm whenever the system state falls outside the safety envelope. We synthesize safety envelopes using a modified machine learning procedure applied on data collected from the system when it is not under attack. We present experimental results that show effectiveness of our approach, and also validate the several novel features that we introduced in our learning procedure.

2nd International Workshop on Secure and Privacy-Aware Information Management in eHealth

Information security and privacy in the healthcare domain is a complex and challenging problem for computer scientists, social scientists, law experts and policy makers. Appropriate healthcare provision requires specialized knowledge, is information intensive and much patient information is of a particularly sensitive nature. Electronic health record systems provide opportunities for information sharing which may enhance healthcare services, for both individuals and populations. However, appropriate information management measures are essential for privacy preservation...

International regulatory framework for food production and diversity

Stakeholders commonly agree that food systems need to be urgently reformed. Yet, how food systems should be reformed is extremely contested. Public international law and regulations are uniquely placed to influence and guide law, policy, programmes and action at regional, national and local levels. Although plenty of international legal instruments intersect with food-related issues, the international regulation of food systems is fragmented, understudied and contested. In order to address these issues, this paper maps and analyses the public international regulatory aspects of food production with a view to providing recommendations for reform. Accordingly, this paper brings together a variety of binding and non-binding international regulatory instruments that to varying degrees and from a range of angles deals with the first activity in the food system: food production. The following paper traces the regulatory tools from natural resources, to the farmers and farm workers that apply skill and experience, and finally to the different dimension of world trade in food. The various regulatory instruments identified, and their collective whole, will be analysed against a rights-based approach to food security.

The doomsday vault: Seed banks, food security, and climate change

"It could easily provide the back-drop for a James Bond movie. Deep inside a mountain near the North Pole, down a fortified tunnel, and behind airlocked doors in a vault frozen to -18 degrees Celsius, scientists are squirreling away millions of seed samples. The samples constitute the very foundation of agriculture, the biological diversity needed so the world's major food crops can adapt to the next pest or disease, or to climate change. It's little wonder that the Svalbard Global Seed Vault has captured the public's imagination more than almost any agricultural topic in recent years. Popular press reports about the ‘Doomsday Vault,’ however, typically mask the complexity of the endeavor and, if anything, underestimate its practical utility." Cary Fowler This chapter considers the use of seed banks to address concerns about intellectual property, climate change and food security. It has a number of themes. First of all, it is interested in the use of ‘Big Science’ projects to address pressing global scientific concerns and Millennium Development Goals. Second, it highlights the increasing use of banks as a means of managing both property and intellectual property across a wide range of fields of agriculture and biotechnology. Third, it considers the linkage of intellectual property, access to genetic resources and benefit sharing. There are a variety of positions in this debate. Some see requirements in respect of access to genetic resources and benefit sharing as an inconvenient burden for science and commerce. Others defend access to genetic resources and benefit sharing as meaningful and productive. Those inclined to somewhat more conspiratorial views suggest that access to genetic resources and benefit sharing are a ruse to facilitate biopiracy. This chapter has a number of components. Section I focuses upon the Consultative Group on International Agricultural Research (CGIAR) network – often raised as a model for Climate Innovation Centres. Section II considers the Svalbard Global Seed Vault – the so-called Doomsday Vault. After a consideration of the World Summit on Food Security in 2009, it is concluded in this chapter that any future international agreement on climate change needs to address intellectual property, plant genetic resources and food security.

Network security metrics and performance for healthcare systems management

While enhanced cybersecurity options, mainly based around cryptographic functions, are needed overall speed and performance of a healthcare network may take priority in many circumstances. As such the overall security and performance metrics of those cryptographic functions in their embedded context needs to be understood. Understanding those metrics has been the main aim of this research activity. This research reports on an implementation of one network security technology, Internet Protocol Security (IPSec), to assess security performance. This research simulates sensitive healthcare information being transferred over networks, and then measures data delivery times with selected security parameters for various communication scenarios on Linux-based and Windows-based systems. Based on our test results, this research has revealed a number of network security metrics that need to be considered when designing and managing network security for healthcare-specific or non-healthcare-specific systems from security, performance and manageability perspectives. This research proposes practical recommendations based on the test results for the effective selection of network security controls to achieve an appropriate balance between network security and performance

Editorial of "International Journal of Critical Indigenous Studies Volume 4, Number 2, 2011"

This special edition of the International Journal of Critical Indigenous Studies focuses upon the work scholars within the growing discipline of Aboriginal and Torres Strait Islander health studies. The lamentable state of Indigenous health in Australia is reflected in Indigenous populations elsewhere, especially where settler colonialism has left an indelible mark. This special edition therefore speaks to where Indigenous health outcomes and the efficacy of remedies are causing concern. Common to all is the demand that Indigenous people are placed front and centre of all attempts to improve health outcomes and that improvements are sought in culturally sensitive ways. Terry Dunbar presents findings from a research study that set out to investigate the Indigenous experiences of health and family services in the Northern Territory, Australia. The study asserts that cultural security is an integral and vital element of any policy that will impact upon Indigenous peoples. Dunbar concludes by arguing that in seeking positive change with regard to cultural security or otherwise, the most vociferous champions of that change are likely to be the Aboriginal communities affected. The article by Bronwyn Fredericks, Karen Adams, Sandra Angus and Melissa Walker also highlights the need to involve Aboriginal and Torres Strait Islander people, in this case women, in the design and development of strategies affecting their lives. Utilising routine communication methods such the ‘talking circle’ and the process referred to as ‘talkin’ up’, where women ‘talk back’ to one another about issues of personal importance, the article argues that the health strategy which emerged through these consultation approaches was more accurately informed by and responsive to women’s health need. Indeed, the resulting strategy reflected the women’s sense of themselves and the clear direction they felt their health services and polices should take.

Understanding data flow and security requirements in wireless Body Area Networks for healthcare

The Body Area Network (BAN) is an emerging technology that focuses on monitoring physiological data in, on and around the human body. BAN technology permits wearable and implanted sensors to collect vital data about the human body and transmit it to other nodes via low-energy communication. In this paper, we investigate interactions in terms of data flows between parties involved in BANs under four different scenarios targeting outdoor and indoor medical environments: hospital, home, emergency and open areas. Based on these scenarios, we identify data flow requirements between BAN elements such as sensors and control units (CUs) and parties involved in BANs such as the patient, doctors, nurses and relatives. Identified requirements are used to generate BAN data flow models. Petri Nets (PNs) are used as the formal modelling language. We check the validity of the models and compare them with the existing related work. Finally, using the models, we identify communication and security requirements based on the most common active and passive attack scenarios.