Signal authentication and integrity schemes for next generation global navigation satellite systems

This paper describes a number of techniques for GNSS navigation message authentication. A detailed analysis of the security facilitated by navigation message authentication is given. The analysis takes into consideration the risk of critical applications that rely on GPS including transportation, finance and telecommunication networks. We propose a number of cryptographic authentication schemes for navigation data authentication. These authentication schemes provide authenticity and integrity of the navigation data to the receiver. Through software simulation, the performance of the schemes is quantified. The use of software simulation enables the collection of authentication performance data of different data channels, and the impact of various schemes on the infrastructure and receiver. Navigation message authentication schemes have been simulated at the proposed data rates of Galileo and GPS services, for which the resulting performance data is presented. This paper concludes by making recommendations for optimal implementation of navigation message authentication for Galileo and next generation GPS systems.

Requirements for enhancing trust, security and integrity of GNSS location services

The paper describes a number of requirements for enhancing the trust of location acquisition from Satellite Navigation Systems, particularly for those applications where the location is monitored through a remote GNSS receiver. We discuss how the trust of a location acquisition could be propagated to an application through the use of a proposed tamper-­resistant GNSS receiver which quantifies the trust of a location solution from the signaling used (ie. P(Y) code, Galileo SOL, PRS, CS) and provides a cryptographic proof of this to a remote application. The tamper­-resistance state of the receiver is also included in this cryptographic proof.

Automatic generation of assertions to detect potential security vulnerabilities in C programs that use union and pointer types

Type unions, pointer variables and function pointers are a long standing source of subtle security bugs in C program code. Their use can lead to hard-to-diagnose crashes or exploitable vulnerabilities that allow an attacker to attain privileged access over classified data. This paper describes an automatable framework for detecting such weaknesses in C programs statically, where possible, and for generating assertions that will detect them dynamically, in other cases. Exclusively based on analysis of the source code, it identifies required assertions using a type inference system supported by a custom made symbol table. In our preliminary findings, our type system was able to infer the correct type of unions in different scopes, without manual code annotations or rewriting. Whenever an evaluation is not possible or is difficult to resolve, appropriate runtime assertions are formed and inserted into the source code. The approach is demonstrated via a prototype C analysis tool.

Reinforcing bad behaviour : the misuse of security indicators on popular websites

Before making a security or privacy decision, Internet users should evaluate several security indicators in their browser, such as the use of HTTPS (indicated via the lock icon), the domain name of the site, and information from extended validation certificates. However, studies have shown that human subjects infrequently employ these indicators, relying on other indicators that can be spoofed and convey no cryptographic assurances. We identify four simple security indicators that accurately represent security properties of the connection and then examine 125 popular websites to determine if the sites' designs result in correctly displayed security indicators during login. In the vast majority of cases, at least some security indicators are absent or suboptimal. This suggests users are becoming habituated to ignoring recommended security indicators.

Security metrics for object-oriented designs

Several studies have developed metrics for software quality attributes of object-oriented designs such as reusability and functionality. However, metrics which measure the quality attribute of information security have received little attention. Moreover, existing security metrics measure either the system from a high level (i.e. the whole system’s level) or from a low level (i.e. the program code’s level). These approaches make it hard and expensive to discover and fix vulnerabilities caused by software design errors. In this work, we focus on the design of an object-oriented application and define a number of information security metrics derivable from a program’s design artifacts. These metrics allow software designers to discover and fix security vulnerabilities at an early stage, and help compare the potential security of various alternative designs. In particular, we present security metrics based on composition, coupling, extensibility, inheritance, and the design size of a given object-oriented, multi-class program from the point of view of potential information flow.

Assessing the impact of refactoring on security-critical object-oriented designs

Refactoring focuses on improving the reusability, maintainability and performance of programs. However, the impact of refactoring on the security of a given program has received little attention. In this work, we focus on the design of object-oriented applications and use metrics to assess the impact of a number of standard refactoring rules on their security by evaluating the metrics before and after refactoring. This assessment tells us which refactoring steps can increase the security level of a given program from the point of view of potential information flow, allowing application designers to improve their system’s security at an early stage.

Diesel engine condition monitoring and simulated diesel knock

This paper discusses diesel engine condition monitoring (CM) using acoustic emissions (AE) as well as some of the commonly encountered diesel engine problems. Also discussed are some of the underlying combustion related faults and the methods used in past studies to simulate diesel engine faults. The initial test involved an experimental simulation of two common combustion related diesel engine faults, namely diesel knock and misfire. These simulated faults represent the first step towards a comprehensive investigation and analysis into the characteristics of acoustic emission signals arising from combustion related diesel engine faults. Data corresponding to different engine running conditions was captured using in-cylinder pressure, vibration and acoustic emission transducers along with both crank angle encoder and top-dead centre (TDC) signals. Using these signals, it was possible to characterise the effect of different combustion conditions and hence, various diesel engine in-cylinder pressure profiles.

Engaging marketing students : student operated businesses in a simulated world

Engaged students are committed and more likely to continue their university studies. Subsequently, they are less resource intensive from a university’s perspective. This article details an experiential second-year marketing course that requires students to develop real products and services to sell on two organized market days. In the course, students participate as both consumers and marketers in a simulated world. The current article explores the effectiveness of this experiential assessment in terms of its ability to engage students. Comparing student engagement to a traditional lecture course and National Survey of Student Engagement benchmarks, the results suggest that the use of a simulated marketplace is capable of engaging students. Specifically, the assessment reported encourages more active learning and collaboration, is more academically challenging, and permits more student–faculty interaction than a traditional lecture-based course. The course structure outlined in this article permits the dynamics of a live marketing environment to be introduced into the classroom. The authors provide practical advice for educators seeking to design and implement engaging pedagogy.

Effect of simulated visual impairment on nighttime driving performance

PURPOSE: This study investigated the effects of simulated visual impairment on nighttime driving performance and pedestrian recognition under real-road conditions. METHODS: Closed road nighttime driving performance was measured for 20 young visually normal participants (M = 27.5 +/- 6.1 years) under three visual conditions: normal vision, simulated cataracts, and refractive blur that were incorporated in modified goggles. The visual acuity levels for the cataract and blur conditions were matched for each participant. Driving measures included sign recognition, avoidance of low contrast road hazards, time to complete the course, and lane keeping. Pedestrian recognition was measured for pedestrians wearing either black clothing or black clothing with retroreflective markings on the moveable joints to create the perception of biological motion ("biomotion"). RESULTS: Simulated visual impairment significantly reduced participants' ability to recognize road signs, avoid road hazards, and increased the time taken to complete the driving course (p < 0.05); the effect was greatest for the cataract condition, even though the cataract and blur conditions were matched for visual acuity. Although visual impairment also significantly reduced the ability to recognize the pedestrian wearing black clothing, the pedestrian wearing "biomotion" was seen 80% of the time. CONCLUSIONS: Driving performance under nighttime conditions was significantly degraded by modest visual impairment; these effects were greatest for the cataract condition. Pedestrian recognition was greatly enhanced by marking limb joints in the pattern of "biomotion," which was relatively robust to the effects of visual impairment.

How HCI design influences web security decisions

Even though security protocols are designed to make computer communication secure, it is widely known that there is potential for security breakdowns at the human machine interface. This paper reports on a diary study conducted in order to investigate what people identify as security decisions that they make while using the web. The study aimed to uncover how security is perceived in the individual's context of use. From this data, themes were drawn, with a focus on addressing security goals such as confidentiality and authentication. This study is the first study investigating users' web usage focusing on their self-documented perceptions of security and the security choices they made in their own environment.

Simulated cataract and low contrast stimuli impair cognitive performance in older adults : implications for neuropsychological assessment and everyday function

Objective: To investigate how age-related declines in vision (particularly contrast sensitivity), simulated using cataract-goggles and low-contrast stimuli, influence the accuracy and speed of cognitive test performance in older adults. An additional aim was to investigate whether declines in vision differentially affect secondary more than primary memory. Method: Using a fully within-subjects design, 50 older drivers aged 66-87 years completed two tests of cognitive performance - letter matching (perceptual speed) and symbol recall (short-term memory) - under different viewing conditions that degraded visual input (low-contrast stimuli, cataract-goggles, and low-contrast stimuli combined with cataract-goggles, compared with normal viewing). However, presentation time was also manipulated for letter matching. Visual function, as measured using standard charts, was taken into account in statistical analyses. Results: Accuracy and speed for cognitive tasks were significantly impaired when visual input was degraded. Furthermore, cognitive performance was positively associated with contrast sensitivity. Presentation time did not influence cognitive performance, and visual gradation did not differentially influence primary and secondary memory. Conclusion: Age-related declines in visual function can impact on the accuracy and speed of cognitive performance, and therefore the cognitive abilities of older adults may be underestimated in neuropsychological testing. It is thus critical that visual function be assessed prior to testing, and that stimuli be adapted to older adults' sensory capabilities (e.g., by maximising stimuli contrast).

Simulated visual impairment leads to cognitive slowing in older adults

PURPOSE: To investigate the impact of different levels of simulated visual impairment on the cognitive test performance of older adults and to compare this with previous findings in younger adults. METHODS.: Cognitive performance was assessed in 30 visually normal, community-dwelling older adults (mean = 70.2 ± 3.9 years). Four standard cognitive tests were used including the Digit Symbol Substitution Test, Trail Making Tests A and B, and the Stroop Color Word Test under three visual conditions: normal baseline vision and two levels of cataract simulating filters (Vistech), which were administered in a random order. Distance high-contrast visual acuity and Pelli-Robson letter contrast sensitivity were also assessed for all three visual conditions. RESULTS.: Simulated cataract significantly impaired performance across all cognitive test performance measures. In addition, the impact of simulated cataract was significantly greater in this older cohort than in a younger cohort previously investigated. Individual differences in contrast sensitivity better predicted cognitive test performance than did visual acuity. CONCLUSIONS.: Visual impairment can lead to slowing of cognitive performance in older adults; these effects are greater than those observed in younger participants. This has important implications for neuropsychological testing of older populations who have a high prevalence of cataract.

Enhancing security and continuity management at international airports

Operators of busy contemporary airports have to balance tensions between the timely flow of passengers, flight operations, the conduct of commercial business activities and the effective application of security processes. In addition to specific onsite issues airport operators liaise with a range of organisations which set and enforce aviation-related policies and regulations as well as border security agencies responsible for customs, quarantine and immigration, in addition to first response security services. The challenging demands of coordinating and planning in such complex socio-technical contexts place considerable pressure on airport management to facilitate coordination of what are often conflicting goals and expectations among groups that have standing in respect to safe and secure air travel. What are, as yet, significantly unexplored issues in large airports are options for the optimal coordination of efforts from the range of public and private sector participants active in airport security and crisis management. A further aspect of this issue is how airport management systems operate when there is a transition from business-as-usual into an emergency/crisis situation and then, on recovery, back to ‘normal’ functioning. Business Continuity Planning (BCP), incorporating sub-plans for emergency response, continuation of output and recovery of degraded operating capacity, would fit such a context. The implementation of BCP practices in such a significant high security setting offers considerable potential benefit yet entails considerable challenges. This paper presents early results of a 4 year nationally funded industry-based research project examining the merger of Business Continuity Planning and Transport Security Planning as a means of generating capability for improved security and reliability and, ultimately, enhanced resilience in major airports. The project is part of a larger research program on the Design of Secure Airports that includes most of the gazetted ‘first response’ international airports in Australia, key Aviation industry groups and all aviation-related border and security regulators as collaborative partners. The paper examines a number of initial themes in the research, including: ? Approaches to integrating Business Continuity & Aviation Security Planning within airport operations; ? Assessment of gaps in management protocols and operational capacities for identifying and responding to crises within and across critical aviation infrastructure; ? Identification of convergent and divergent approaches to crisis management used across Austral-Asia and their alignment to planned and possible infrastructure evolution.