Legislative and security requirements of audit material for evidentiary purpose

This research used the Queensland Police Service, Australia, as a major case study. Information on principles, techniques and processes used, and the reason for the recording, storing and release of audit information for evidentiary purposes is reported. It is shown that Law Enforcement Agencies have a two-fold interest in, and legal obligation pertaining to, audit trails. The first interest relates to the situation where audit trails are actually used by criminals in the commission of crime and the second to where audit trails are generated by the information systems used by the police themselves in support of the recording and investigation of crime. Eleven court cases involving Queensland Police Service audit trails used in evidence in Queensland courts were selected for further analysis. It is shown that, of the cases studied, none of the evidence presented was rejected or seriously challenged from a technical perspective. These results were further analysed and related to normal requirements for trusted maintenance of audit trail information in sensitive environments with discussion on the ability and/or willingness of courts to fully challenge, assess or value audit evidence presented. Managerial and technical frameworks for firstly what is considered as an environment where a computer system may be considered to be operating “properly” and, secondly, what aspects of education, training, qualifications, expertise and the like may be considered as appropriate for persons responsible within that environment, are both proposed. Analysis was undertaken to determine if audit and control of information in a high security environment, such as law enforcement, could be judged as having improved, or not, in the transition from manual to electronic processes. Information collection, control of processing and audit in manual processes used by the Queensland Police Service, Australia, in the period 1940 to 1980 was assessed against current electronic systems essentially introduced to policing in the decades of the 1980s and 1990s. Results show that electronic systems do provide for faster communications with centrally controlled and updated information readily available for use by large numbers of users who are connected across significant geographical locations. However, it is clearly evident that the price paid for this is a lack of ability and/or reluctance to provide improved audit and control processes. To compare the information systems audit and control arrangements of the Queensland Police Service with other government departments or agencies, an Australia wide survey was conducted. Results of the survey were contrasted with the particular results of a survey, conducted by the Australian Commonwealth Privacy Commission four years previous, to this survey which showed that security in relation to the recording of activity against access to information held on Australian government computer systems has been poor and a cause for concern. However, within this four year period there is evidence to suggest that government organisations are increasingly more inclined to generate audit trails. An attack on the overall security of audit trails in computer operating systems was initiated to further investigate findings reported in relation to the government systems survey. The survey showed that information systems audit trails in Microsoft Corporation's “Windows” operating system environments are relied on quite heavily. An audit of the security for audit trails generated, stored and managed in the Microsoft “Windows 2000” operating system environment was undertaken and compared and contrasted with similar such audit trail schemes in the “UNIX” and “Linux” operating systems. Strength of passwords and exploitation of any security problems in access control were targeted using software tools that are freely available in the public domain. Results showed that such security for the “Windows 2000” system is seriously flawed and the integrity of audit trails stored within these environments cannot be relied upon. An attempt to produce a framework and set of guidelines for use by expert witnesses in the information technology (IT) profession is proposed. This is achieved by examining the current rules and guidelines related to the provision of expert evidence in a court environment, by analysing the rationale for the separation of distinct disciplines and corresponding bodies of knowledge used by the Medical Profession and Forensic Science and then by analysing the bodies of knowledge within the discipline of IT itself. It is demonstrated that the accepted processes and procedures relevant to expert witnessing in a court environment are transferable to the IT sector. However, unlike some discipline areas, this analysis has clearly identified two distinct aspects of the matter which appear particularly relevant to IT. These two areas are; expertise gained through the application of IT to information needs in a particular public or private enterprise; and expertise gained through accepted and verifiable education, training and experience in fundamental IT products and system.

Algebraic attacks on clock-controlled stream ciphers

Stream ciphers are encryption algorithms used for ensuring the privacy of digital telecommunications. They have been widely used for encrypting military communications, satellite communications, pay TV encryption and for voice encryption of both fixed lined and wireless networks. The current multi year European project eSTREAM, which aims to select stream ciphers suitable for widespread adoptation, reflects the importance of this area of research. Stream ciphers consist of a keystream generator and an output function. Keystream generators produce a sequence that appears to be random, which is combined with the plaintext message using the output function. Most commonly, the output function is binary addition modulo two. Cryptanalysis of these ciphers focuses largely on analysis of the keystream generators and of relationships between the generator and the keystream it produces. Linear feedback shift registers are widely used components in building keystream generators, as the sequences they produce are well understood. Many types of attack have been proposed for breaking various LFSR based stream ciphers. A recent attack type is known as an algebraic attack. Algebraic attacks transform the problem of recovering the key into a problem of solving multivariate system of equations, which eventually recover the internal state bits or the key bits. This type of attack has been shown to be effective on a number of regularly clocked LFSR based stream ciphers. In this thesis, algebraic attacks are extended to a number of well known stream ciphers where at least one LFSR in the system is irregularly clocked. Applying algebriac attacks to these ciphers has only been discussed previously in the open literature for LILI-128. In this thesis, algebraic attacks are first applied to keystream generators using stop-and go clocking. Four ciphers belonging to this group are investigated: the Beth-Piper stop-and-go generator, the alternating step generator, the Gollmann cascade generator and the eSTREAM candidate: the Pomaranch cipher. It is shown that algebraic attacks are very effective on the first three of these ciphers. Although no effective algebraic attack was found for Pomaranch, the algebraic analysis lead to some interesting findings including weaknesses that may be exploited in future attacks. Algebraic attacks are then applied to keystream generators using (p; q) clocking. Two well known examples of such ciphers, the step1/step2 generator and the self decimated generator are investigated. Algebraic attacks are shown to be very powerful attack in recovering the internal state of these generators. A more complex clocking mechanism than either stop-and-go or the (p; q) clocking keystream generators is known as mutual clock control. In mutual clock control generators, the LFSRs control the clocking of each other. Four well known stream ciphers belonging to this group are investigated with respect to algebraic attacks: the Bilateral-stop-and-go generator, A5/1 stream cipher, Alpha 1 stream cipher, and the more recent eSTREAM proposal, the MICKEY stream ciphers. Some theoretical results with regards to the complexity of algebraic attacks on these ciphers are presented. The algebraic analysis of these ciphers showed that generally, it is hard to generate the system of equations required for an algebraic attack on these ciphers. As the algebraic attack could not be applied directly on these ciphers, a different approach was used, namely guessing some bits of the internal state, in order to reduce the degree of the equations. Finally, an algebraic attack on Alpha 1 that requires only 128 bits of keystream to recover the 128 internal state bits is presented. An essential process associated with stream cipher proposals is key initialization. Many recently proposed stream ciphers use an algorithm to initialize the large internal state with a smaller key and possibly publicly known initialization vectors. The effect of key initialization on the performance of algebraic attacks is also investigated in this thesis. The relationships between the two have not been investigated before in the open literature. The investigation is conducted on Trivium and Grain-128, two eSTREAM ciphers. It is shown that the key initialization process has an effect on the success of algebraic attacks, unlike other conventional attacks. In particular, the key initialization process allows an attacker to firstly generate a small number of equations of low degree and then perform an algebraic attack using multiple keystreams. The effect of the number of iterations performed during key initialization is investigated. It is shown that both the number of iterations and the maximum number of initialization vectors to be used with one key should be carefully chosen. Some experimental results on Trivium and Grain-128 are then presented. Finally, the security with respect to algebraic attacks of the well known LILI family of stream ciphers, including the unbroken LILI-II, is investigated. These are irregularly clock- controlled nonlinear filtered generators. While the structure is defined for the LILI family, a particular paramater choice defines a specific instance. Two well known such instances are LILI-128 and LILI-II. The security of these and other instances is investigated to identify which instances are vulnerable to algebraic attacks. The feasibility of recovering the key bits using algebraic attacks is then investigated for both LILI- 128 and LILI-II. Algebraic attacks which recover the internal state with less effort than exhaustive key search are possible for LILI-128 but not for LILI-II. Given the internal state at some point in time, the feasibility of recovering the key bits is also investigated, showing that the parameters used in the key initialization process, if poorly chosen, can lead to a key recovery using algebraic attacks.

Safety-restraint use rate as function of law enforcement and other factors : preliminary analysis

Persistent use of safety restraints prevents deaths and reduces the severity and number of injuries resulting from motor vehicle crashes. However, safety-restraint use rates in the United States have been below those of other nations with safety-restraint enforcement laws. With a better understanding of the relationship between safety-restraint law enforcement and safety-restraint use, programs can be implemented to decrease the number of deaths and injuries resulting from motor vehicle crashes. Does safety-restraint use increase as enforcement increases? Do motorists increase their safety-restraint use in response to the general presence of law enforcement or to targeted law enforcement efforts? Does a relationship between enforcement and restraint use exist at the countywide level? A logistic regression model was estimated by using county-level safety-restraint use data and traffic citation statistics collected in 13 counties within the state of Florida in 1997. The model results suggest that safety-restraint use is positively correlated with enforcement intensity, is negatively correlated with safety-restraint enforcement coverage (in lanemiles of enforcement coverage), and is greater in urban than rural areas. The quantification of these relationships may assist Florida and other law enforcement agencies in raising safety-restraint use rates by allocating limited funds more efficiently either by allocating additional time for enforcement activities of the existing force or by increasing enforcement staff. In addition, the research supports a commonsense notion that enforcement activities do result in behavioral response.

Macular function in tilted disc syndrome

Tilted disc syndrome can cause visual field defects due to an optic disc anomaly. Recent electrophysiological findings demonstrate reduced central outer retinal function with ophthalmoscopically normal maculae. We measured macular sensitivity with the microperimeter and performed psychophysical assessment of mesopic rod and cone luminance temporal sensitivity (critical fusion frequency)in a 52-year-old male patient with tilted disc syndrome and ophthalmoscopically normal maculae. We found a marked reduction of sensitivity in the central 20 degrees and reduced rod- and cone-mediated mesopic visual function. Our findings extend previous electrophysiological data that suggest an outer retinal involvement of cone pathways and present a case with rod and cone impairment mediated via the magnocellular pathway in uncomplicated tilted disc syndrome.

Statistical modeling to determine resonant frequency information present in combustion chamber pressure signals

A statistical modeling method to accurately determine combustion chamber resonance is proposed and demonstrated. This method utilises Markov-chain Monte Carlo (MCMC) through the use of the Metropolis-Hastings (MH) algorithm to yield a probability density function for the combustion chamber frequency and find the best estimate of the resonant frequency, along with uncertainty. The accurate determination of combustion chamber resonance is then used to investigate various engine phenomena, with appropriate uncertainty, for a range of engine cycles. It is shown that, when operating on various ethanol/diesel fuel combinations, a 20% substitution yields the least amount of inter-cycle variability, in relation to combustion chamber resonance.

Prevalence of upper-body symptoms following breast cancer and its relationship with upper-body function and lymphoedema

This investigation describes the prevalence of upper-body symptoms in a population-based sample of women with breast cancer (BC) and examines their relationships with upper-body function (UBF) and lymphoedema, as two clinically important sequelae. Australian women (n=287) with unilateral BC were assessed at three-monthly intervals, from six to 18 months post-surgery (PS). Participants reported the presence and intensity of upper-body symptoms on the treated side. Objective and self-reported UBF and lymphoedema (bioimpedance spectroscopy) were also assessed. Approximately 50% of women reported at least one moderate-to-extreme symptom at 6- and at 18-months PS. There was a significant relationship between symptoms and function (p<0.01), whereby perceived and objective function declined with increasing number of symptoms present. Those with lymphoedema were more likely to report multiple symptoms and presence of symptoms at baseline increased risk of lymphoedema (ORs>1.3, p=0.02). Although, presence of symptoms explained only 5.5% of the variation in the odds of lymphoedema. Upper-body symptoms are common and persistent following breast cancer and are associated with clinical ramifications, including reduced UBF and increased risk of developing lymphoedema. However, using the presence of symptoms as a diagnostic indicator of lymphoedema is limited.

The role of the audit committee and institutional investors in constraining earnings management : evidence from Chinese firms listed in Hong Kong

Using data from 2004 to 2008, we find that an audit committee is an important monitoring mechanism as audit committee independence, expertise and size are associated with reduced levels of abnormal accruals, our measure of earnings management. This study also attempts to discern when the monitoring role of the audit committee is more salient for the firm. We find that ownership concentration and the presence of government officials on the audit committee are important determinants of the negative association between audit committee characteristics and earnings management. In contrast, we find no significant associations between the audit committee and abnormal accruals for Chinese firms listed only on the Chinese domestic Stock Exchanges. The paper contributes to the corporate governance literature in a transitional economy. Identifying the role of audit committees of firms listed on markets other than the domicile market demonstrates the importance of considering the institutional setting in governance research.

Can an effective audit committee help to mitigate earnings management in Chinese firms listed in Hong Kong?

This paper attempts to determine whether the adoption of recommended corporate governance practices by Chinese firms is associated with less earnings management proxied by abnormal accruals. We examine the role of the audit committee and ownership concentration in preventing earnings management using Chinese firms listed in Hong Kong. The results of this preliminary analysis show that the frequency of audit committee meetings is associated with reduced levels of abnormal accruals, our measure of earnings management. We conclude that audit committee activity is an important factor in constraining the propensity of managers to engage in earnings management. In contrast, we find that the size of the audit committee is associated with increased levels of abnormal accruals and suggest that increasing the size of the audit committee creates information asymmetry between the audit committee and management that reduces the monitoring capacity of the audit committee. We do not find any association between audit committee independence, financial and industry experience, or ownership concentration and abnormal accruals.