Security of Two-Party Identity-Based Key Agreement

Identity-based cryptography has become extremely fashionable in the last few years. As a consequence many proposals for identity-based key establishment have emerged, the majority in the two party case. We survey the currently proposed protocols of this type, examining their security and efficiency. Problems with some published protocols are noted.

Is the Marlboro man the only alternative? The role of gender identity and self-construal salience in evaluations of male models

This research examines how men react to male models in print advertisements. In two experiments, we show that the gender identity of men influences their responses to advertisements featuring a masculine, feminine, or androgynous male model. In addition, we explore the extent to which men feel they will be classified by others as similar to the model as a mechanism for these effects. Specifically, masculine men respond most favorably to masculine models and are negative toward feminine models. In contrast, feminine men prefer feminine models when their private self is salient. Yet in a collective context, they prefer masculine models.These experiments shed light on how gender identity and self-construal influence male evaluations and illustrate the social pressure on men to endorse traditional masculine portrayals. We also present implications for advertising practice.

Identity-based strong designated verifier signature schemes: Attacks and new construction

A strong designated verifier signature scheme makes it possible for a signer to convince a designated verifier that she has signed a message in such a way that the designated verifier cannot transfer the signature to a third party, and no third party can even verify the validity of a designated verifier signature. We show that anyone who intercepts one signature can verify subsequent signatures in Zhang-Mao ID-based designated verifier signature scheme and Lal-Verma ID-based designated verifier proxy signature scheme. We propose a new and efficient ID-based designated verifier signature scheme that is strong and unforgeable. As a direct corollary, we also get a new efficient ID-based designated verifier proxy signature scheme.

The Sociology of Cosmopolitanism:Globalization, Identity, Culture and Government

The dream of a cosmopolitical utopia has been around for thousands of years. Yet the promise of being locally situated and at the same time globally connected and mobile has never seemed more possible than it is today. The question remains as to whether it is positive and realistic for us to have multiple loyalties. Can we sustain community and solidarity with our neighbours while we look beyond our nation? And if we can't - or won't – consider distant strangers as part of our own world, are there increasingly dire consequences? This book reconnects classical sociological theory and contemporary ideas on mobility, otherness, material assemblages, consumption and surveillance to render the idea of a global cosmopolitan utopia amenable to sociological investigation. The book takes a realistic approach to the development of cosmopolitical arrangements. It embraces the imaginative impulses the cosmopolitan dream provides, but takes into account the political, ethical and cultural dimensions of such cosmopolitan developments. In revisiting the relevance of classical sociological approaches in the context of contemporary theoretical challenges, the distinctive approach this book takes to understanding cosmopolitanism will be of use to scholars and students alike.

Strengthening and formally verifying privacy in identity management systems

In a digital world, users’ Personally Identifiable Information (PII) is normally managed with a system called an Identity Management System (IMS). There are many types of IMSs. There are situations when two or more IMSs need to communicate with each other (such as when a service provider needs to obtain some identity information about a user from a trusted identity provider). There could be interoperability issues when communicating parties use different types of IMS. To facilitate interoperability between different IMSs, an Identity Meta System (IMetS) is normally used. An IMetS can, at least theoretically, join various types of IMSs to make them interoperable and give users the illusion that they are interacting with just one IMS. However, due to the complexity of an IMS, attempting to join various types of IMSs is a technically challenging task, let alone assessing how well an IMetS manages to integrate these IMSs. The first contribution of this thesis is the development of a generic IMS model called the Layered Identity Infrastructure Model (LIIM). Using this model, we develop a set of properties that an ideal IMetS should provide. This idealized form is then used as a benchmark to evaluate existing IMetSs. Different types of IMS provide varying levels of privacy protection support. Unfortunately, as observed by Jøsang et al (2007), there is insufficient privacy protection in many of the existing IMSs. In this thesis, we study and extend a type of privacy enhancing technology known as an Anonymous Credential System (ACS). In particular, we extend the ACS which is built on the cryptographic primitives proposed by Camenisch, Lysyanskaya, and Shoup. We call this system the Camenisch, Lysyanskaya, Shoup - Anonymous Credential System (CLS-ACS). The goal of CLS-ACS is to let users be as anonymous as possible. Unfortunately, CLS-ACS has problems, including (1) the concentration of power to a single entity - known as the Anonymity Revocation Manager (ARM) - who, if malicious, can trivially reveal a user’s PII (resulting in an illegal revocation of the user’s anonymity), and (2) poor performance due to the resource-intensive cryptographic operations required. The second and third contributions of this thesis are the proposal of two protocols that reduce the trust dependencies on the ARM during users’ anonymity revocation. Both protocols distribute trust from the ARM to a set of n referees (n > 1), resulting in a significant reduction of the probability of an anonymity revocation being performed illegally. The first protocol, called the User Centric Anonymity Revocation Protocol (UCARP), allows a user’s anonymity to be revoked in a user-centric manner (that is, the user is aware that his/her anonymity is about to be revoked). The second protocol, called the Anonymity Revocation Protocol with Re-encryption (ARPR), allows a user’s anonymity to be revoked by a service provider in an accountable manner (that is, there is a clear mechanism to determine which entity who can eventually learn - and possibly misuse - the identity of the user). The fourth contribution of this thesis is the proposal of a protocol called the Private Information Escrow bound to Multiple Conditions Protocol (PIEMCP). This protocol is designed to address the performance issue of CLS-ACS by applying the CLS-ACS in a federated single sign-on (FSSO) environment. Our analysis shows that PIEMCP can both reduce the amount of expensive modular exponentiation operations required and lower the risk of illegal revocation of users’ anonymity. Finally, the protocols proposed in this thesis are complex and need to be formally evaluated to ensure that their required security properties are satisfied. In this thesis, we use Coloured Petri nets (CPNs) and its corresponding state space analysis techniques. All of the protocols proposed in this thesis have been formally modeled and verified using these formal techniques. Therefore, the fifth contribution of this thesis is a demonstration of the applicability of CPN and its corresponding analysis techniques in modeling and verifying privacy enhancing protocols. To our knowledge, this is the first time that CPN has been comprehensively applied to model and verify privacy enhancing protocols. From our experience, we also propose several CPN modeling approaches, including complex cryptographic primitives (such as zero-knowledge proof protocol) modeling, attack parameterization, and others. The proposed approaches can be applied to other security protocols, not just privacy enhancing protocols.

Children re-read and re-write their neighborhoods : critical literacies and identity work

This chapter considers the complex literate repertoires of 21st century children in multicultural primary classrooms in Adelaide South Australia. It draws on the curricular and pedagogical work of two experienced primary school teachers who explore culture, race and class, by positioning children as textual producers across a variety of media. In particular we discuss two child-authored texts – A is for Arndale – a local alphabet book co-authored by children aged between eight and ten, and – Cooking Afghani Style - a magazine style film produced by a multi-aged class of children (aged eight to thirteen) recently arrived in Australia. In the process of making these texts, primary children engaged in reading as a cultural practice – re-reading and re-writing their neighbourhoods and identities (both individual and collective). This involved frequent excursions to local key sites, both familiar and unfamiliar to the children. They investigated how diverse children experienced and lived their lives in particular places within changing communities.

The Australian Grey Nomads : are they who we think they are? Enhancing formative research through the quantitative assessment of psychological constructs

Issue addressed: Measures of 'social identity' and 'psychological sense of community' were included within a broader formative research inquiry to gain insight into the identity characteristics and level of connectedness among older recreational road travellers (commonly known as Grey Nomads). The research sought to gain insights on how best to reach or speak to this growing driver cohort. ----- ----- Method: Participants included 631 older recreational road travellers ranging in age from 50 years to over 80 years. Data were obtained through three scales which were incorporated into a larger formative research survey; an identity hierarchy, the Three Factor Model of Social Identity and the Sense of Community Index. ----- ----- Results: Older recreational road travellers see themselves principally as couples, with social group identity being secondary. Although many identified to some degree with the Grey Nomad identity, when asked to self categorise as either members of the Broad Network of Recreational Vehicle Travellers or as Grey Nomads, the majority categorised themselves as the former. Those identifying as Grey Nomads, however, reported significantly higher levels of 'social identification' and 'sense of community'. ----- ----- Conclusion: The Grey Nomad identity may not be the best identity at which to target road safety messages for this cohort. Targeting travelling 'couples' may be more efficacious. Using the 'Grey Nomad' identity is likely to reap at least some success, however, given that many identified to some degree with this group identity. Those identifying as Grey Nomads may be more open to community participation or behaviour change given their significantly higher levels of 'social identity' and 'sense of community'.

Collaborative inquiries into literacy, place and identity in changing policy contexts : implications for teacher development

In this chapter we describe a history of collaboration between university-based literacy researchers and school-based teachers in teacher development programs and practitioner inquiries designed to improve literacy outcomes for students living in low-socioeconomic circumstances. We consider how an inquiry stance has informed teachers working for social justice through curriculum and pedagogy designed to connect children’s developing literacy repertoires with their changing material, social and linguistic contexts. We use examples from the practices of two of our long-term teacher-collaborators to show what has been possible to achieve, even in radically different policy contexts, because of teachers’ continued commitment to themes of place and belonging, and language and identity.

Identity fraud and land registration systems : an Australian perspective

There is no doubt that fraud in relation to land transactions is a problem that resonates amongst land academics, practitioners, and stakeholders involved in conveyancing. As each land registration and conveyancing process increasingly moves towards a fully electronic environment, we need to make sure that we understand and guard against the frauds that can occur. What this paper does is examine the types of fraud that have occurred in paper-based conveyancing systems in Australia and considers how they might be undertaken in the National Electronic Conveyancing System (NECS) that is currently under development. Whilst no system can ever be infallible, it is suggested that by correctly imposing the responsibility for identity verification on the appropriate individual, the conveyancing system adopted can achieve the optimum level of fairness in terms of allocation of responsibility and loss. As we sit on the cusp of a new era of electronic conveyancing, the framework suggested here provides a model for minimising the risks of forged mortgages and appropriately allocating the loss. Importantly it also recognises that the electronic environment will see new opportunities for those with criminal intent to undermine the integrity of land transactions. An appreciation of this now, can see the appropriate measures put in place to minimise the risk.

Using reflective practice assessment in the first year of law to encourage a positive professional identity and promote law student well-being

In this paper we argue that intentional curriculum design in the first year of law should encourage law students to develop an emergent sense of a positive professional identity. When first year law students engage with a nascent notion of a positive professional identity, their well-being is supported because their studies are informed and contextualised by a sense of purpose for their future professional life. In a first year law subject run for the first time at the QUT Law School in 2011, reflective practice was successfully used to achieve these goals. The paper discusses the subject, the opportunity of using reflective practice to teach a positive sense of professional identity, and some student perspectives on the subject’s design.

Putting the cart before the horse? Driving student engagement through first year career identity development in a large multidisciplinary creative industries cohort

It is now widely accepted that first year students benefit from pedagogies which mediate and support their transitions to university, and assist them to develop an adaptive student identity. We present an initiative which takes an alternative and additional approach to this way of viewing the first year experience. Based on research into creative industries career trajectories, this initiative focuses on the establishment of nascent career identity and professional self-concept amongst 600 first semester Bachelor of Creative Industries (BCI) students at QUT. The BCI is offered as a three year undergraduate program involving self-selection of majors, minors and electives, and also as a four year double degree with Business and Law faculties. Students engage in a scaffolded process of initial career visioning and reflective course planning, based on their own industry and careers research, guided by industry-active academic and careers staff, and drawing upon the experiences of final year students.

Identity verification in conveyancing : the failure of current legislative and regulatory measures, and recommendations for change

"Defrauding land titles systems impacts upon us all. Those who deal in land include ordinary citizens, big business, small business, governments, not-for-profit organisation, deceased estates...Fraud here touches almost everybody." the thesis presented in this paper is that the current and disparate steps taken by jurisdictions to alleviate land fraud associated with identity-based crimes are inadequate. The centrepiece of the analysis is the consideration of two scenarios that have recently occurred. One is the typical scenario where a spouse forges the partner's signature to obtain a mortgage from a financial institution. The second is atypical. It involves a sophisticated overseas fraud duping many stakeholders involved in the conveyancing process. After outlining these scenarios, we will examine how identity verification requirements of the United Kingdom, Ontario, the Australian states, and New Zealand would have been applied to these two frauds. Our conclusion is that even though some jurisdictions may have prevented the frauds from occurring, the current requirements are inadequate. We use the lessons learnt to propose what we consider core principles for identity verification in land transactions.

Are we keeping the bastards honest? Perceptions of corruption, integrity and influence on politics

The words of the late Don Chipp, the founder of the Australian Democrats, have a perennial relevance to politics. When Chipp talked about ‘keeping the bastards honest’, it related to a minor political party playing a role of keeping the major political parties true to their word (Warhurst 1997). Yet it is also a democratic role that citizens play on an ongoing basis, particularly through the mechanism of elections. At the ballot box, governments that are widely perceived to have acted with a lack of integrity are roundly punished. This chapter explores public opinion on issues of integrity, corruption, influence and trust in politics and politicians in Australia. The evidence paints a differentiated picture of a public which sees little sign of overtly corrupt political practices but on the other hand does not feel terribly influential and is not always confident of fair treatment from public officials...

Identity theft, computers and behavioral biometrics

The increase of online services, such as eBanks, WebMails, in which users are verified by a username and password, is increasingly exploited by Identity Theft procedures. Identity Theft is a fraud, in which someone pretends to be someone else is order to steal money or get other benefits. To overcome the problem of Identity Theft an additional security layer is required. Within the last decades the option of verifying users based on their keystroke dynamics was proposed during login verification. Thus, the imposter has to be able to type in a similar way to the real user in addition to having the username and password. However, verifying users upon login is not enough, since a logged station/mobile is vulnerable for imposters when the user leaves her machine. Thus, verifying users continuously based on their activities is required. Within the last decade there is a growing interest and use of biometrics tools, however, these are often costly and require additional hardware. Behavioral biometrics, in which users are verified, based on their keyboard and mouse activities, present potentially a good solution. In this paper we discuss the problem of Identity Theft and propose behavioral biometrics as a solution. We survey existing studies and list the challenges and propose solutions.

Continuous and non-intrusive identity verification in real-time environments based on free-text keystroke dynamics

Internet services are important part of daily activities for most of us. These services come with sophisticated authentication requirements which may not be handled by average Internet users. The management of secure passwords for example creates an extra overhead which is often neglected due to usability reasons. Furthermore, password-based approaches are applicable only for initial logins and do not protect against unlocked workstation attacks. In this paper, we provide a non-intrusive identity verification scheme based on behavior biometrics where keystroke dynamics based-on free-text is used continuously for verifying the identity of a user in real-time. We improved existing keystroke dynamics based verification schemes in four aspects. First, we improve the scalability where we use a constant number of users instead of whole user space to verify the identity of target user. Second, we provide an adaptive user model which enables our solution to take the change of user behavior into consideration in verification decision. Next, we identify a new distance measure which enables us to verify identity of a user with shorter text. Fourth, we decrease the number of false results. Our solution is evaluated on a data set which we have collected from users while they were interacting with their mail-boxes during their daily activities.