A cryptographic analysis of the TLS 1.3 handshake protocol candidates

The Internet Engineering Task Force (IETF) is currently developing the next version of the Transport Layer Security (TLS) protocol, version 1.3. The transparency of this standardization process allows comprehensive cryptographic analysis of the protocols prior to adoption, whereas previous TLS versions have been scrutinized in the cryptographic literature only after standardization. This is even more important as there are two related, yet slightly different, candidates in discussion for TLS 1.3, called draft-ietf-tls-tls13-05 and draft-ietf-tls-tls13-dh-based. We give a cryptographic analysis of the primary ephemeral Diffie–Hellman-based handshake protocol, which authenticates parties and establishes encryption keys, of both TLS 1.3 candidates. We show that both candidate handshakes achieve the main goal of providing secure authenticated key exchange according to an augmented multi-stage version of the Bellare–Rogaway model. Such a multi-stage approach is convenient for analyzing the design of the candidates, as they establish multiple session keys during the exchange. An important step in our analysis is to consider compositional security guarantees. We show that, since our multi-stage key exchange security notion is composable with arbitrary symmetric-key protocols, the use of session keys in the record layer protocol is safe. Moreover, since we can view the abbreviated TLS resumption procedure also as a symmetric-key protocol, our compositional analysis allows us to directly conclude security of the combined handshake with session resumption. We include a discussion on several design characteristics of the TLS 1.3 drafts based on the observations in our analysis.

An analysis of risk management disclosures: Australian evidence

- Purpose Communication of risk management practices are a critical component of good corporate governance. Research to date has been of little benefit in informing regulators internationally. This paper seeks to contribute to the literature by investigating how listed Australian companies in a setting where disclosures are explicitly required by the ASX corporate governance framework, disclose risk management (RM) information in the corporate governance statements within annual reports. - Design/methodology/approach To address our study’s research questions and related hypotheses, we examine the top 300 ASX-listed companies by market capitalisation at 30 June 2010. For these firms, we identify, code and categorise RM disclosures made in the annual reports according to the disclosure categories specified in Australian Stock Exchange Corporate Governance Principles and Recommendations (ASX CGPR). The derived data is then examined using a comprehensive approach comprising thematic content analysis and regression analysis. - Findings The results indicate widespread divergence in disclosure practices and low conformance with the Principle 7 of the ASX CGPR. This result suggests that companies are not disclosing all ‘material business risks’ possibly due to ignorance at the board level, or due to the intentional withholding of sensitive information from financial statement users. The findings also show mixed results across the factors expected to influence disclosure behaviour. Notably, the presence of a risk committee (RC) (in particular, a standalone RC) and technology committee (TC) are found to be associated with improved levels of disclosure. we do not find evidence that company risk measures (as proxied by equity beta and the market-to-book ratio) are significantly associated with greater levels of RM disclosure. Also, contrary to common findings in the disclosure literature, factors such as board independence and expertise, audit committee independence, and the usage of a Big-4 auditor do not seem to impact the level of RM disclosure in the Australian context. - Research limitation/implications The study is limited by the sample and study period selection as the RM disclosures of only the largest (top 300) ASX firms are examined for the fiscal year 2010. Thus, the finding may not be generalisable to smaller firms, or earlier/later years. Also, the findings may have limited applicability in other jurisdictions with different regulatory environments. - Practical implications The study’s findings suggest that insufficient attention has been applied to RM disclosures by listed companies in Australia. These results suggest that the RM disclosures practices observed in the Australian setting may not be meeting the objectives of regulators and the needs of stakeholders. - Originality/value Despite the importance of risk management communication, it is unclear whether disclosures in annual financial reports achieve this communication. The Australian setting provides an ideal environment to examine the nature and extent of risk management communication as the Australian Securities Exchange (ASX) has recommended risk management disclosures follow Principle 7 of its principle-based governance rules since 2007.

Systematic analysis of changes in cannabis use among participants in control conditions of randomised controlled trials

Introduction Cannabis remains the most used illegal substance across the globe, and negative outcomes and disorders are common. A spotlight therefore falls on reductions in cannabis use in people with cannabis use disorder. Current estimates of unassisted cessation or reduction in cannabis use rely on community surveys, and few studies focus on individuals with disorder. A key interest of services and researchers is to estimate effect size of reductions in consumption among treatment seekers who do not obtain treatment. Effects within waiting list or information-only control conditions of randomised controlled trials offer an opportunity to study this question. Method This paper examines the extent of reductions in days of cannabis use in the control groups of randomised controlled trials on treatment of cannabis use disorders. A systematic literature search was performed to identify trials that reported days of cannabis use in the previous 30 (or equivalent). Results Since all but one of the eight identified studies had delayed treatment controls, results could only be summarised across 2–4 months. Average weighted days of use in the previous 30 days fell from 24.5 to 19.9, and a meta-analysis using a random effects model showed an average reduction of 0.442 SD. However, every study had at least one significant methodological issue. Conclusions While further high-quality data is needed to confirm the observed effects, these results provide a baseline from which researchers and practitioners can estimate the extent of change required to detect effects of cannabis treatments in services or treatment trials.

Medication errors in residential aged care facilities: A distributed cognition analysis of the information exchange process

Background Medication safety is a pressing concern for residential aged care facilities (RACFs). Retrospective studies in RACF settings identify inadequate communication between RACFs, doctors, hospitals and community pharmacies as the major cause of medication errors. Existing literature offers limited insight about the gaps in the existing information exchange process that may lead to medication errors. The aim of this research was to explicate the cognitive distribution that underlies RACF medication ordering and delivery to identify gaps in medication-related information exchange which lead to medication errors in RACFs. Methods The study was undertaken in three RACFs in Sydney, Australia. Data were generated through ethnographic field work over a period of five months (May–September 2011). Triangulated analysis of data primarily focused on examining the transformation and exchange of information between different media across the process. Results The findings of this study highlight the extensive scope and intense nature of information exchange in RACF medication ordering and delivery. Rather than attributing error to individual care providers, the explication of distributed cognition processes enabled the identification of gaps in three information exchange dimensions which potentially contribute to the occurrence of medication errors namely: (1) design of medication charts which complicates order processing and record keeping (2) lack of coordination mechanisms between participants which results in misalignment of local practices (3) reliance on restricted communication bandwidth channels mainly telephone and fax which complicates the information processing requirements. The study demonstrates how the identification of these gaps enhances understanding of medication errors in RACFs. Conclusions Application of the theoretical lens of distributed cognition can assist in enhancing our understanding of medication errors in RACFs through identification of gaps in information exchange. Understanding the dynamics of the cognitive process can inform the design of interventions to manage errors and improve residents’ safety.

A survey and analysis of the GNSS spoofing threat and countermeasures

Detection and prevention of global network satellite system (GNSS) “spoofing” attacks, or the broadcast of false global navigation satellite system services, has recently attracted much research interest. This survey aims to fill three gaps in the literature: first, to assess in detail the exact nature of threat scenarios posed by spoofing against the most commonly cited targets; second, to investigate the many practical impediments, often underplayed, to carrying out GNSS spoofing attacks in the field; and third, to survey and assess the effectiveness of a wide range of proposed defences against GNSS spoofing. Our conclusion lists promising areas of future research.

Fighting like a girl … or a boy? An analysis of videos of violence between young girls posted on online fight websites

How young women engage in physical violence with other young women is an issue that raises specific concerns in both criminological literature and theories. Current theoretical explanations construct young women’s violence in one of two ways: young women are not physically violent at all, and adhere to an accepted performance of hegemonic femininity; or young women reject accepted performances of hegemonic femininity in favour of a masculine gendered performance to engage in violence successfully. This article draws on qualitative and quantitative data obtained from a structured observation and thematic analysis of 60 online videos featuring young women’s violent altercations. It argues that, contrary to this dichotomous construction, there appears to be a third way young women are performing violence, underpinned by masculine characteristics of aggression but upholding a hegemonic feminine gender performance. In making this argument, this article demonstrates that a more complex exploration and conceptualisation of young women’s violence, away from gendered constructs, is required for greater understanding of the issue.

The selection, optimization, and compensation model in the work context: A systematic review and meta-analysis of two decades of research

Over the past two decades, the selection, optimization, and compensation (SOC) model has been applied in the work context to investigate antecedents and outcomes of employees' use of action regulation strategies. We systematically review, meta-analyze, and critically discuss the literature on SOC strategy use at work and outline directions for future research and practice. The systematic review illustrates the breadth of constructs that have been studied in relation to SOC strategy use, and that SOC strategy use can mediate and moderate relationships of person and contextual antecedents with work outcomes. Results of the meta-analysis show that SOC strategy use is positively related to age (rc = .04), job autonomy (rc = .17), self-reported job performance (rc = .23), non-self-reported job performance (rc = .21), job satisfaction (rc = .25), and job engagement (rc = .38), whereas SOC strategy use is not significantly related to job tenure, job demands, and job strain. Overall, our findings underline the importance of the SOC model for the work context, and they also suggest that its measurement and reporting standards need to be improved to become a reliable guide for future research and organizational practice.

Detailed analysis of a conservative difference approximation for the time fractional diffusion equation

Diffusion equations that use time fractional derivatives are attractive because they describe a wealth of problems involving non-Markovian Random walks. The time fractional diffusion equation (TFDE) is obtained from the standard diffusion equation by replacing the first-order time derivative with a fractional derivative of order α ∈ (0, 1). Developing numerical methods for solving fractional partial differential equations is a new research field and the theoretical analysis of the numerical methods associated with them is not fully developed. In this paper an explicit conservative difference approximation (ECDA) for TFDE is proposed. We give a detailed analysis for this ECDA and generate discrete models of random walk suitable for simulating random variables whose spatial probability density evolves in time according to this fractional diffusion equation. The stability and convergence of the ECDA for TFDE in a bounded domain are discussed. Finally, some numerical examples are presented to show the application of the present technique.