An administrative model for UCON

UCON is an emerging access control framework that lacks an administration model. In this paper we define the problem of administration and propose a novel administrative model. At the core of this model is the concept of attribute, which is also the central component of UCON. In our model, attributes are created by the assertions of subjects, which ascribe properties/rights to other subjects or objects. Through such a treatment of attributes, administration capabilities can be delegated from one subject to another and as a consequence UCON is improved in three aspects. First, immutable attributes that are currently considered as external to the model can be incorporated and thereby treated as mutable at- tributes. Second, the current arbitrary categorisation of users (as modifiers of attributes), to system and administrator can be removed. Attributes and objects are only modifiable by those who possess administration capability over them. Third, the delegation of administration over objects and properties that is not currently expressible in UCON is made possible.

Towards authorisation models for secure information sharing : a survey and research agenda

This article presents a survey of authorisation models and considers their ‘fitness-for-purpose’ in facilitating information sharing. Network-supported information sharing is an important technical capability that underpins collaboration in support of dynamic and unpredictable activities such as emergency response, national security, infrastructure protection, supply chain integration and emerging business models based on the concept of a ‘virtual organisation’. The article argues that present authorisation models are inflexible and poorly scalable in such dynamic environments due to their assumption that the future needs of the system can be predicted, which in turn justifies the use of persistent authorisation policies. The article outlines the motivation and requirement for a new flexible authorisation model that addresses the needs of information sharing. It proposes that a flexible and scalable authorisation model must allow an explicit specification of the objectives of the system and access decisions must be made based on a late trade-off analysis between these explicit objectives. A research agenda for the proposed Objective-based Access Control concept is presented.

On the use of different spatial reference frames for movement control

Previous work has shown that amplitude and direction are two independently controlled parameters of aimed arm movements, and performance, therefore, suffers when they must be decomposed into Cartesian coordinates. We now compare decomposition into different coordinate systems. Subjects pointed at visual targets in 2-D with a cursor, using a two-axis joystick or two single-axis joysticks. In the latter case, joystick axes were aligned with the subjects’ body axes, were rotated by –45°, or were oblique (i.e., one axis was in an egocentric frame and the other was rotated by –45°). Cursor direction always corresponded to joystick direction. We found that compared with the two-axis joystick, responses with single-axis joysticks were slower and less accurate when the axes were oriented egocentrically; the deficit was even more pronounced when the axes were rotated and was most pronounced when they were oblique. This confirms that decomposition of motor commands is computationally demanding and documents that this demand is lowest for egocentric, higher for rotated, and highest for oblique coordinates. We conclude that most current vehicles use computationally demanding man–machine interfaces.

Flexible high-power multi DC-DC converters for train systems

This thesis reports on the investigations, simulations and analyses of novel power electronics topologies and control strategies. The research is financed by an Australian Research Council (ARC) Linkage (07-09) grant. Therefore, in addition to developing original research and contributing to the available knowledge of power electronics, it also contributes to the design of a DC-DC converter for specific application to the auxiliary power supply in electric trains. Specifically, in this regard, it contributes to the design of a 7.5 kW DC-DC converter for the industrial partner (Schaffler and Associates Ltd) who supported this project. As the thesis is formatted as a ‘thesis by publication’, the contents are organized around published papers. The research has resulted in eleven papers, including seven peer reviewed and published conference papers, one published journal paper, two journal papers accepted for publication and one submitted journal paper (provisionally accepted subject to few changes). In this research, several novel DC-DC converter topologies are introduced, analysed, and tested. The similarity of all of the topologies devised lies in their ‘current circulating’ switching state, which allows them to store some energy in the inductor, as extra inductor current. The stored energy may be applied to enhance the performance of the converter in the occurrence of load current or input voltage disturbances. In addition, when there is an alternating load current, the ability to store energy allows the converter to perform satisfactorily despite frequently and highly varying load current. In this research, the capability of current storage has been utilised to design topologies for specific applications, and the enhancement of the performance of the considered applications has been illustrated. The simplest DC-DC converter topology, which has a ‘current circulating’ switching state, is the Positive Buck-Boost (PBB) converter (also known as the non-inverting Buck-Boost converter). Usually, the topology of the PBB converter is operating as a Buck or a Boost converter in applications with widely varying input voltage or output reference voltage. For example, in electric railways (the application of our industrial partner), the overhead line voltage alternates from 1000VDC to 500VDC and the required regulated voltage is 600VDC. In the course of this research, our industrial partner (Schaffler and Associates Ltd) industrialized a PBB converter–the ‘Mudo converter’–operating at 7.5 kW. Programming the onboard DSP and testing the PBB converter in experimental and nominal power and voltage was part of this research program. In the earlier stages of this research, the advantages and drawbacks of utilization of the ‘current circulating’ switching state in the positive Buck-Boost converter were investigated. In brief, the advantages were found to be robustness against input voltage and current load disturbances, and the drawback was extra conduction and switching loss. Although the robustness against disturbances is desirable for many applications, the price of energy loss must be minimized to attract attention to the utilization of the PBB converter. In further stages of this research, two novel control strategies for different applications were devised to minimise the extra energy loss while the advantages of the positive Buck-Boost converter were fully utilized. The first strategy is Smart Load Controller (SLC) for applications with pre-knowledge or predictability of input voltage and/or load current disturbances. A convenient example of these applications is electric/hybrid cars where a master controller commands all changes in loads and voltage sources. Therefore, the master controller has a pre-knowledge of the load and input voltage disturbances so it can apply the SLC strategy to utilize robustness of the PBB converter. Another strategy aiming to minimise energy loss and maximise the robustness in the face of disturbance is developed to cover applications with unexpected disturbances. This strategy is named Dynamic Hysteresis Band (DHB), and is used to manipulate the hysteresis band height after occurrence of disturbance to reduce dynamics of the output voltage. When no disturbance has occurred, the PBB converter works with minimum inductor current and minimum energy loss. New topologies based on the PBB converter have been introduced to address input voltage disturbances for different onboard applications. The research shows that the performance of applications of symmetrical/asymmetrical multi-level diode-clamped inverters, DC-networks, and linear-assisted RF amplifiers may be enhanced by the utilization of topologies based on the PBB converter. Multi-level diode-clamped inverters have the problem of DC-link voltage balancing when the power factor of their load closes to unity. This research has shown that this problem may be solved with a suitable multi-output DC-DC converter supplying DClink capacitors. Furthermore, the multi-level diode-clamped inverters supplied with asymmetrical DC-link voltages may improve the quality of load voltage and reduce the level of Electromagnetic Interference (EMI). Mathematical analyses and experiments on supplying symmetrical and asymmetrical multi-level inverters by specifically designed multi-output DC-DC converters have been reported in two journal papers. Another application in which the system performance can be improved by utilization of the ‘current circulating’ switching state is linear-assisted RF amplifiers in communicational receivers. The concept of ‘linear-assisted’ is to divide the signal into two frequency domains: low frequency, which should be amplified by a switching circuit; and the high frequency domain, which should be amplified by a linear amplifier. The objective is to minimize the overall power loss. This research suggests using the current storage capacity of a PBB based converter to increase its bandwidth, and to increase the domain of the switching converter. The PBB converter addresses the industrial demand for a DC-DC converter for the application of auxiliary power supply of a typical electric train. However, after testing the industrial prototype of the PBB converter, there were some voltage and current spikes because of switching. To attenuate this problem without significantly increasing the switching loss, the idea of Active Gate Signalling (AGS) is presented. AGS suggests a smart gate driver that selectively controls the switching process to reduce voltage/current spikes, without unacceptable reduction in the efficiency of switching.

Algebraic analysis of small scale LEX-BES

This paper examines the algebraic cryptanalysis of small scale variants of the LEX-BES. LEX-BES is a stream cipher based on the Advanced Encryption Standard (AES) block cipher. LEX is a generic method proposed for constructing a stream cipher from a block cipher, initially introduced by Biryukov at eSTREAM, the ECRYPT Stream Cipher project in 2005. The Big Encryption System (BES) is a block cipher introduced at CRYPTO 2002 which facilitates the algebraic analysis of the AES block cipher. In this paper, experiments were conducted to find solution of the equation system describing small scale LEX-BES using Gröbner Basis computations. This follows a similar approach to the work by Cid, Murphy and Robshaw at FSE 2005 that investigated algebraic cryptanalysis on small scale variants of the BES. The difference between LEX-BES and BES is that due to the way the keystream is extracted, the number of unknowns in LEX-BES equations is fewer than the number in BES. As far as the author knows, this attempt is the first at creating solvable equation systems for stream ciphers based on the LEX method using Gröbner Basis computations.

An analysis of the RC4 family of stream ciphers against algebraic attacks

To date, most applications of algebraic analysis and attacks on stream ciphers are on those based on lin- ear feedback shift registers (LFSRs). In this paper, we extend algebraic analysis to non-LFSR based stream ciphers. Specifically, we perform an algebraic analysis on the RC4 family of stream ciphers, an example of stream ciphers based on dynamic tables, and inves- tigate its implications to potential algebraic attacks on the cipher. This is, to our knowledge, the first pa- per that evaluates the security of RC4 against alge- braic attacks through providing a full set of equations that describe the complex word manipulations in the system. For an arbitrary word size, we derive alge- braic representations for the three main operations used in RC4, namely state extraction, word addition and state permutation. Equations relating the inter- nal states and keystream of RC4 are then obtained from each component of the cipher based on these al- gebraic representations, and analysed in terms of their contributions to the security of RC4 against algebraic attacks. Interestingly, it is shown that each of the three main operations contained in the components has its own unique algebraic properties, and when their respective equations are combined, the resulting system becomes infeasible to solve. This results in a high level of security being achieved by RC4 against algebraic attacks. On the other hand, the removal of an operation from the cipher could compromise this security. Experiments on reduced versions of RC4 have been performed, which confirms the validity of our algebraic analysis and the conclusion that the full RC4 stream cipher seems to be immune to algebraic attacks at present.

Bias in the nonlinear filter generator output sequence

Nonlinear filter generators are common components used in the keystream generators for stream ciphers and more recently for authentication mechanisms. They consist of a Linear Feedback Shift Register (LFSR) and a nonlinear Boolean function to mask the linearity of the LFSR output. Properties of the output of a nonlinear filter are not well studied. Anderson noted that the m-tuple output of a nonlinear filter with consecutive taps to the filter function is unevenly distributed. Current designs use taps which are not consecutive. We examine m-tuple outputs from nonlinear filter generators constructed using various LFSRs and Boolean functions for both consecutive and uneven (full positive difference sets where possible) tap positions. The investigation reveals that in both cases, the m-tuple output is not uniform. However, consecutive tap positions result in a more biased distribution than uneven tap positions, with some m-tuples not occurring at all. These biased distributions indicate a potential flaw that could be exploited for cryptanalysis.

Towards a game theoretic authorisation model

Authorised users (insiders) are behind the majority of security incidents with high financial impacts. Because authorisation is the process of controlling users’ access to resources, improving authorisation techniques may mitigate the insider threat. Current approaches to authorisation suffer from the assumption that users will (can) not depart from the expected behaviour implicit in the authorisation policy. In reality however, users can and do depart from the canonical behaviour. This paper argues that the conflict of interest between insiders and authorisation mechanisms is analogous to the subset of problems formally studied in the field of game theory. It proposes a game theoretic authorisation model that can ensure users’ potential misuse of a resource is explicitly considered while making an authorisation decision. The resulting authorisation model is dynamic in the sense that its access decisions vary according to the changes in explicit factors that influence the cost of misuse for both the authorisation mechanism and the insider.

A new family of Marx generator based on resonant converter

This paper presents a novel topology to generate high voltage with utilization of slow and fast power switches. New concepts used in this topology include numbers of diode-capacitor units in parallel with resonant circuits which are connected to a positive buck-boost converter. The resonant circuit reverses the voltage polarity of the capacitors. This configuration has capability of generating a flexible high voltage with certain number of capacitors. The advantage of this topology is to use slow switches, less number of diodes and capacitors compare to Marx generator. Simulations have been performed to verify the proposed topology.

Information sharing in the 21st century : progress and challenges

With the increasing threat of cyber and other attacks on critical infrastructure, governments throughout the world have been organizing industry to share information on possible threats. In Australia the Office of the Attorney General has formed Trusted Information Sharing Networks (TISN) for the various critical industries such as banking and electricity. Currently the majority of information for a TISN is shared at physical meetings. To meet cyber threats there are clearly limitations to physical meetings. Many of these limitations can be overcome by the creation of a virtual information sharing network (VISN). However there are many challenges to overcome in the design of a VISN both from a policy and technical viewpoint. We shall discuss some of these challenges in this talk.

A novel high voltage pulsed power supply based on low voltage switch-capacitor units

This paper presents a high voltage pulsed power system based on low voltage switch-capacitor units connected to a current source for several applications such as plasma systems. A modified positive buck-boost converter topology is used to utilize the current source concept and a series of low voltage switch-capacitor units is connected to the current source in order to provide high voltage with high voltage stress (dv/dt) as demanded by loads. This pulsed power converter is flexible in terms of energy control, in that the stored energy in the current source can be adjusted by changing the current magnitude to significantly improve the efficiency of various systems with different requirements. Output voltage magnitude and stress (dv/dt) can be controlled by a proper selection of components and control algorithm to turn on and off switching devices.

Secure tracking for critical applications : communications, GPS and future Galileo services

Tracking/remote monitoring systems using GNSS are a proven method to enhance the safety and security of personnel and vehicles carrying precious or hazardous cargo. While GNSS tracking appears to mitigate some of these threats, if not adequately secured, it can be a double-edged sword allowing adversaries to obtain sensitive shipment and vehicle position data to better coordinate their attacks, and to provide a false sense of security to monitoring centers. Tracking systems must be designed with the ability to perform route-compliance and thwart attacks ranging from low-level attacks such as the cutting of antenna cables to medium and high-level attacks involving radio jamming and signal / data-level simulation, especially where the goods transported have a potentially high value to terrorists. This paper discusses the use of GNSS in critical tracking applications, addressing the mitigation of GNSS security issues, augmentation systems and communication systems in order to provide highly robust and survivable tracking systems.

Bias in the nonlinear filter generator output sequence

Nonlinear filter generators are common components used in the keystream generators for stream ciphers and more recently for authentication mechanisms. They consist of a Linear Feedback Shift Register (LFSR) and a nonlinear Boolean function to mask the linearity of the LFSR output. Properties of the output of a nonlinear filter are not well studied. Anderson noted that the m-tuple output of a nonlinear filter with consecutive taps to the filter function is unevenly distributed. Current designs use taps which are not consecutive. We examine m-tuple outputs from nonlinear filter generators constructed using various LFSRs and Boolean functions for both consecutive and uneven (full positive difference sets where possible) tap positions. The investigation reveals that in both cases, the m-tuple output is not uniform. However, consecutive tap positions result in a more biased distribution than uneven tap positions, with some m-tuples not occurring at all. These biased distributions indicate a potential flaw that could be exploited for cryptanalysis