953 results for Certification systems
in Queensland University of Technology - ePrints Archive
Abstract:
Most security models for authenticated key exchange (AKE) do not explicitly model the associated certification system, which includes the certification authority (CA) and its behaviour. However, there are several well-known and realistic attacks on AKE protocols which exploit various forms of malicious key registration and which therefore lie outside the scope of these models. We provide the first systematic analysis of AKE security incorporating certification systems (ASICS). We define a family of security models that, in addition to allowing different sets of standard AKE adversary queries, also permit the adversary to register arbitrary bitstrings as keys. For this model family we prove generic results that enable the design and verification of protocols that achieve security even if some keys have been produced maliciously. Our approach is applicable to a wide range of models and protocols; as a concrete illustration of its power, we apply it to the CMQV protocol in the natural strengthening of the eCK model to the ASICS setting.
Abstract:
At present, many countries have either embraced ISO9001 or used it as the basis of their national quality certification systems. However, few studies have been conducted to examine the benefits companies gain from achieving and implementing ISO9001 standards (Chikuku et al. 2012; Psomas et al. 2013; Sampaio et al. 2011a,b). Analysis has brought much more confused and uneven results across the countries. Turning to the experience of Malaysia, this country has witnessed a spectacular growth at an average rate of 9.89% per annum of ISO certificates issued to companies operating within its borders (ISO Survey 2012). While many companies rush to be ISO 9001 certified, whether this brings about better benefits (both financial and non-financial) is still an open question. In this study, the research problems were first formulated from the literature and then a questionnaire survey was conducted to test the hypotheses. A survey was administered to chief executive officers and managers across manufacturing and service organizations in Malaysia. Multivariate analysis and an SPSS macro developed by Preacher and Hayes were used as statistical techniques to assess the financial and non-financial benefits of ISO9001 certification. The survey instrument was a two-page questionnaire comprising three sections. The first section of the questionnaire covered the company’s profile. The second section consisted of 25 items on internal benefits and the third section consisted of 7 items on external benefits, measured on a 1–5 Likert scale to assess the benefits of ISO9001 certification. A total of 201 valid responses were received. Results of the study indicate that there was no significant direct relationship between ISO9001 certification and organizational financial performance, while strong statistical evidence was found to support the direct relationship between ISO9001 certification and non-financial performance.
The findings of the study discovered that financial performance is actually directly related to two non-financial measures, namely quality performance and local and international business performance, which are directly and significantly influenced by ISO9001 certification. Therefore non-financial performance measures are involved in the mediational process. The findings will assist practitioners in taking the right courses of action that make the implementation of this standard more effective. For example, the study findings suggest that companies should put emphasis on non-financial factors to improve their financial performance.
Abstract:
The development of effective safety regulations for unmanned aircraft systems (UAS) is an issue of paramount concern for industry. The development of this framework is a prerequisite for greater UAS access to civil airspace and, subsequently, the continued growth of the UAS industry. The direct use of the existing conventionally piloted aircraft (CPA) airworthiness certification framework for the regulation of UAS has a number of limitations. The objective of this paper is to present one possible approach for the structuring of airworthiness regulations for civilian UAS. The proposed approach facilitates a more systematic, objective and justifiable method for managing the spectrum of risk associated with the diversity of UAS and their potential operations. A risk matrix is used to guide the development of an airworthiness certification matrix (ACM). The ACM provides a structured categorisation that facilitates the future tailoring of regulations proportionate to the levels of risk associated with the operation of the UAS. As a result, an objective and traceable link may be established between mandated regulations and the overarching objective for an equivalent level of safety to CPA. The ACM also facilitates the systematic consideration of a range of technical and operational mitigation strategies. For these reasons, the ACM is proposed as a suitable method for the structuring of an airworthiness certification framework for civil or commercially operated UAS (i.e., the UAS equivalent in function to the Part 21 regulations for civil CPA) and for the further structuring of requirements on the operation of UAS in un-segregated airspace.
Abstract:
The accuracy of cause-of-death statistics substantially depends on the quality of cause-of-death information in death certificates, primarily completed by medical doctors. Deficiencies in cause-of-death certification have been observed across the world, and over time. Despite educational interventions aimed at improving the quality of death certification, their intended impacts are rarely evaluated. This review aims to provide empirical evidence that could guide the modification of existing educational programs, or the development of new interventions, which are necessary to improve the capacity of certifiers as well as the quality of cause-of-death certification, and thereby, the quality of mortality statistics.
Abstract:
This paper introduces a novel strategy for the specification of airworthiness certification categories for civil unmanned aircraft systems (UAS). The risk-based approach acknowledges the fundamental differences between the risk paradigms of manned and unmanned aviation. The proposed airworthiness certification matrix provides a systematic and objective structure for regulating the airworthiness of a diverse range of UAS types and operations. An approach for specifying UAS type categories is then discussed. An example of the approach, which includes the novel application of data-clustering algorithms, is presented to illustrate the discussion.
Dynamic analysis of on-board mass data to determine tampering in heavy vehicle on-board mass systems
Abstract:
Transport Certification Australia Limited, jointly with the National Transport Commission, has undertaken a project to investigate the feasibility of on-board mass monitoring (OBM) devices for regulatory purposes. OBM increases jurisdictional confidence in operational heavy vehicle compliance. This paper covers technical issues regarding potential use of dynamic data from OBM systems to indicate that tampering has occurred. Tamper-evidence and accuracy of current OBM systems needed to be determined before any regulatory schemes were put in place for its use. Tests were performed to determine the potential for, and ease of, tampering. An algorithm was developed to detect tamper events. Its results are detailed.
Abstract:
Objective
• Feasibility programme for on-board mass (OBM) monitoring of heavy vehicles (HVs)
• Australian road authorities through Transport Certification Australia (TCA)
• Accuracy of contemporary, commercially-available OBM units in Australia
• Results need to be addressed/incorporated into specifications for Stage 2 of Intelligent Access Program (IAP) by Transport Certification Australia
Abstract:
On-board mass (OBM) monitoring devices on heavy vehicles (HVs) have been tested in a national programme jointly by Transport Certification Australia Limited and the National Transport Commission. The tests were for, amongst other parameters, accuracy and tamper-evidence. The latter was tested by deliberately tampering with the signals from OBM primary transducers during the tests. The OBM feasibility team is analysing dynamic data recorded at the primary transducers of OBM systems to determine if it can be used to detect tamper events. Tamper-evidence of current OBM systems needs to be determined if jurisdictions are to have confidence in specifying OBM for HVs as part of regulatory schemes. An algorithm has been developed to detect tamper events. The results of its application are detailed here.
Abstract:
The World Health Organization recommends that data on mortality in its member countries are collected utilising the Medical Certificate of Cause of Death published in the instruction volume of the ICD-10. However, investment in health information processes necessary to promote the use of this certificate and improve mortality information is lacking in many countries. An appeal for support to make improvements has been launched through the Health Metrics Network’s MOVE-IT strategy (Monitoring of Vital Events – Information Technology) [World Health Organization, 2011]. Despite this international spotlight on the need for capture of mortality data and in the use of the ICD-10 to code the data reported on such certificates, there is little cohesion in the way that certifiers of deaths receive instruction in how to complete the death certificate, which is the main source document for mortality statistics. Complete and accurate documentation of the immediate, underlying and contributory causes of death of the decedent on the death certificate is a requirement to produce standardised statistical information and to the ability to produce cause-specific mortality statistics that can be compared between populations and across time. This paper reports on a research project conducted to determine the efficacy and accessibility of the certification module of the WHO’s newly-developed web based training tool for coders and certifiers of deaths. Involving a population of medical students from the Fiji School of Medicine and a pre and post research design, the study entailed completion of death certificates based on vignettes before and after access to the training tool. The ability of the participants to complete the death certificates and analysis of the completeness and specificity of the ICD-10 coding of the reported causes of death were used to measure the effect of the students’ learning from the training tool. 
The quality of death certificate completion was assessed using a Quality Index before and after the participants accessed the training tool. In addition, the views of the participants about accessibility and use of the training tool were elicited using a supplementary questionnaire. The results of the study demonstrated improvement in the ability of the participants to complete death certificates completely and accurately according to best practice. The training tool was viewed very positively and its implementation in the curriculum for medical students was encouraged. Participants also recommended that interactive discussions to examine the certification exercises would be an advantage.
Abstract:
Approximately 20 years have passed now since the NTSB issued its original recommendation to expedite development, certification and production of low-cost proximity warning and conflict detection systems for general aviation [1]. While some systems are in place (TCAS [2]), “see-and-avoid” remains the primary means of separation between light aircraft sharing the national airspace. The requirement for a collision avoidance or sense-and-avoid capability onboard unmanned aircraft has been identified by leading government, industry and regulatory bodies as one of the most significant challenges facing the routine operation of unmanned aerial systems (UAS) in the national airspace system (NAS) [3, 4]. In this thesis, we propose and develop a novel image-based collision avoidance system to detect and avoid an upcoming conflict scenario (with an intruder) without first estimating or filtering range. The proposed collision avoidance system (CAS) uses relative bearing and angular-area subtended, estimated from an image, to form a test statistic AS C. This test statistic is used in a thresholding technique to decide if a conflict scenario is imminent. If deemed necessary, the system will command the aircraft to perform a manoeuvre based on the relative bearing and constrained by the CAS sensor field-of-view. Through the use of a simulation environment where the UAS is mathematically modelled and a flight controller developed, we show that using Monte Carlo simulations a probability of a Mid Air Collision (MAC) MAC RR or a Near Mid Air Collision (NMAC) RiskRatio can be estimated. We also show the performance gain this system has over a simplified version (bearings-only). This performance gain is demonstrated in the form of a standard operating characteristic curve. Finally, it is shown that the proposed CAS performs at a level comparable to current manned aviation's equivalent level of safety (ELOS) expectations for Class E airspace.
In some cases, the CAS may be oversensitive in manoeuvring the owncraft when not necessary, but this constitutes a more conservative, and therefore safer, flying procedure in most instances.
Abstract:
Unmanned Aircraft Systems (UAS) describe a diverse range of aircraft that are operated without a human pilot on-board. Unmanned aircraft range from small rotorcraft, which can fit in the palm of your hand, through to fixed wing aircraft comparable in size to that of a commercial passenger jet. The absence of a pilot on-board allows these aircraft to be developed with unique performance capabilities facilitating a wide range of applications in surveillance, environmental management, agriculture, defence, and search and rescue. However, regulations relating to the safe design and operation of UAS first need to be developed before the many potential benefits from these applications can be realised. According to the International Civil Aviation Organization (ICAO), a Risk Management Process (RMP) should support all civil aviation policy and rulemaking activities (ICAO 2009). The RMP is described in International standard, ISO 31000:2009 (ISO, 2009a). This standard is intentionally generic and high-level, providing limited guidance on how it can be effectively applied to complex socio-technical decision problems such as the development of regulations for UAS. Through the application of principles and tools drawn from systems philosophy and systems engineering, this thesis explores how the RMP can be effectively applied to support the development of safety regulations for UAS. A sound systems-theoretic foundation for the RMP is presented in this thesis. Using the case-study scenario of a UAS operation over an inhabited area and through the novel application of principles drawn from general systems modelling philosophy, a consolidated framework of the definitions of the concepts of: safe, risk and hazard is made. 
The framework is novel in that it facilitates the representation of broader subjective factors in an assessment of the safety of a system; describes the issues associated with the specification of a system-boundary; makes explicit the hierarchical nature of the relationship between the concepts and the subsequent constraints that exist between them; and can be evaluated using a range of analytic or deliberative modelling techniques. Following the general sequence of the RMP, the thesis explores the issues associated with the quantified specification of safety criteria for UAS. A novel risk analysis tool is presented. In contrast to existing risk tools, the analysis tool presented in this thesis quantifiably characterises both the societal and individual risk of UAS operations as a function of the flight path of the aircraft. A novel structuring of the risk evaluation and risk treatment decision processes is then proposed. The structuring is achieved through the application of the Decision Support Problem Technique; a modelling approach that has been previously used to effectively model complex engineering design processes and to support decision-making in relation to airspace design. The final contribution made by this thesis is in the development of an airworthiness regulatory framework for civil UAS. A novel "airworthiness certification matrix" is proposed as a basis for the definition of UAS "Part 21" regulations. The outcome airworthiness certification matrix provides a flexible, systematic and justifiable method for promulgating airworthiness regulations for UAS. In addition, an approach for deriving "Part 1309" regulations for UAS is presented. In contrast to existing approaches, the approach presented in this thesis facilitates a traceable and objective tailoring of system-level reliability requirements across the diverse range of UAS operations. 
The significance of the research contained in this thesis is clearly demonstrated by its practical real world outcomes. Industry regulatory development groups and the Civil Aviation Safety Authority have endorsed the proposed airworthiness certification matrix. The risk models have also been used to support research undertaken by the Australian Department of Defence. Ultimately, it is hoped that the outcomes from this research will play a significant part in the shaping of regulations for civil UAS, here in Australia and around the world.
Abstract:
This paper presents an approach to derive requirements for an avionics architecture that provides onboard sense-and-avoid and autonomous emergency forced landing capabilities to a UAS. The approach is based on two design paradigms that (1) derive requirements analyzing the common functionality between these two functions to then derive requirements for sensors, computing capability, interfaces, etc. (2) consider the risk and safety mitigation associated with these functions to derive certification requirements for the system design. We propose to use the Aircraft Certification Matrix (ACM) approach to tailor the system Development Assurance Levels (DAL) and architecture requirements in accordance with acceptable risk criteria. This architecture is developed under the name “Flight Guardian”. Flight Guardian is an avionics architecture that integrates common sensory elements that are essential components of any UAS that is required to be dependable. The Flight Guardian concept is also applicable to conventionally piloted aircraft, where it will serve to reduce cockpit workload.
Abstract:
As the number of potential applications of Unmanned Aircraft Systems (UAS) grows in civilian operations and national security, National Airworthiness Authorities are under increasing pressure to provide a path for certification and allow UAS integration into the national airspace. The success of this integration depends on developments in improved UAS reliability and safety, regulations for certification, and technologies for operational performance and safety assessment. This paper focusses on the latter and describes the use of a framework for evaluating robust autonomy of UAS, namely, the autonomous system’s ability to either continue operation in the presence of faults or safely shut down. The paper draws parallels between the proposed evaluation framework and the evaluation of pilots during the licensing process. It also discusses how the data from the proposed evaluation can be used as an aid for decision making in certification and UAS designs.
Abstract:
As the number of Uninhabited Airborne Systems (UAS) proliferates in civil applications, industry is increasingly putting pressure on regulation authorities to provide a path for certification and allow UAS integration into regulated airspace. The success of this integration depends on developments in improved UAS reliability and safety, regulations for certification, and technologies for operational performance and safety assessment. This paper focusses on the last topic and describes a framework for quantifying robust autonomy of UAS, which quantifies the system's ability to either continue operating in the presence of faults or safely shut down. Two figures of merit are used to evaluate vehicle performance relative to mission requirements and the consequences of autonomous decision making in motion control and guidance systems. These figures of merit are interpreted within a probabilistic framework, which extends previous work in the literature. The valuation of the figures of merit can be done using stochastic simulation scenarios during both vehicle development and certification stages with different degrees of integration of hardware-in-the-loop simulation technology. The objective of the proposed framework is to aid in decision making about the suitability of a vehicle with respect to safety and reliability relative to mission requirements.