98 resultados para Proxy Credential

em Queensland University of Technology - ePrints Archive


Relevância:

20.00% 20.00%

Publicador:

Resumo:

Tzeng et al. proposed a new threshold multi-proxy multi-signature scheme with threshold verification. In their scheme, a subset of original signers authenticates a designated proxy group to sign on behalf of the original group. A message m has to be signed by a subset of proxy signers who can represent the proxy group. Then, the proxy signature is sent to the verifier group. A subset of verifiers in the verifier group can also represent the group to authenticate the proxy signature. Subsequently, there are two improved schemes to eliminate the security leak of Tzeng et al.’s scheme. In this paper, we have pointed out the security leakage of the three schemes and further proposed a novel threshold multi-proxy multi-signature scheme with threshold verification.

Relevância:

20.00% 20.00%

Publicador:

Relevância:

20.00% 20.00%

Publicador:

Resumo:

In a digital world, users’ Personally Identifiable Information (PII) is normally managed with a system called an Identity Management System (IMS). There are many types of IMSs. There are situations when two or more IMSs need to communicate with each other (such as when a service provider needs to obtain some identity information about a user from a trusted identity provider). There could be interoperability issues when communicating parties use different types of IMS. To facilitate interoperability between different IMSs, an Identity Meta System (IMetS) is normally used. An IMetS can, at least theoretically, join various types of IMSs to make them interoperable and give users the illusion that they are interacting with just one IMS. However, due to the complexity of an IMS, attempting to join various types of IMSs is a technically challenging task, let alone assessing how well an IMetS manages to integrate these IMSs. The first contribution of this thesis is the development of a generic IMS model called the Layered Identity Infrastructure Model (LIIM). Using this model, we develop a set of properties that an ideal IMetS should provide. This idealized form is then used as a benchmark to evaluate existing IMetSs. Different types of IMS provide varying levels of privacy protection support. Unfortunately, as observed by Jøsang et al (2007), there is insufficient privacy protection in many of the existing IMSs. In this thesis, we study and extend a type of privacy enhancing technology known as an Anonymous Credential System (ACS). In particular, we extend the ACS which is built on the cryptographic primitives proposed by Camenisch, Lysyanskaya, and Shoup. We call this system the Camenisch, Lysyanskaya, Shoup - Anonymous Credential System (CLS-ACS). The goal of CLS-ACS is to let users be as anonymous as possible. Unfortunately, CLS-ACS has problems, including (1) the concentration of power to a single entity - known as the Anonymity Revocation Manager (ARM) - who, if malicious, can trivially reveal a user’s PII (resulting in an illegal revocation of the user’s anonymity), and (2) poor performance due to the resource-intensive cryptographic operations required. The second and third contributions of this thesis are the proposal of two protocols that reduce the trust dependencies on the ARM during users’ anonymity revocation. Both protocols distribute trust from the ARM to a set of n referees (n > 1), resulting in a significant reduction of the probability of an anonymity revocation being performed illegally. The first protocol, called the User Centric Anonymity Revocation Protocol (UCARP), allows a user’s anonymity to be revoked in a user-centric manner (that is, the user is aware that his/her anonymity is about to be revoked). The second protocol, called the Anonymity Revocation Protocol with Re-encryption (ARPR), allows a user’s anonymity to be revoked by a service provider in an accountable manner (that is, there is a clear mechanism to determine which entity who can eventually learn - and possibly misuse - the identity of the user). The fourth contribution of this thesis is the proposal of a protocol called the Private Information Escrow bound to Multiple Conditions Protocol (PIEMCP). This protocol is designed to address the performance issue of CLS-ACS by applying the CLS-ACS in a federated single sign-on (FSSO) environment. Our analysis shows that PIEMCP can both reduce the amount of expensive modular exponentiation operations required and lower the risk of illegal revocation of users’ anonymity. Finally, the protocols proposed in this thesis are complex and need to be formally evaluated to ensure that their required security properties are satisfied. In this thesis, we use Coloured Petri nets (CPNs) and its corresponding state space analysis techniques. All of the protocols proposed in this thesis have been formally modeled and verified using these formal techniques. Therefore, the fifth contribution of this thesis is a demonstration of the applicability of CPN and its corresponding analysis techniques in modeling and verifying privacy enhancing protocols. To our knowledge, this is the first time that CPN has been comprehensively applied to model and verify privacy enhancing protocols. From our experience, we also propose several CPN modeling approaches, including complex cryptographic primitives (such as zero-knowledge proof protocol) modeling, attack parameterization, and others. The proposed approaches can be applied to other security protocols, not just privacy enhancing protocols.

Relevância:

20.00% 20.00%

Publicador:

Resumo:

In this paper I analyse UK artist Alison Jones’ sonic interventions Portrait of the Artist by Proxy (2008), Voyeurism by Proxy (2008) and Art, Lies and Audio Tapes (2009). In Portrait of the Artist by Proxy, Jones – who, due to deteriorating vision, has not seen her reflection in a mirror in years – asks and trusts participants to audio-describe her own image back to her. In Voyeurism by Proxy, Jones asks participants to audio-describe erotic drawings by Gustav Klimt. In Art, Lies and Audio Tapes, Jones asks participants to audio-describe other artworks, such as W.F. Yeames’ And When Did You Last see Your Father?. In these portraits by proxy, Jones opens her image, and other images, to interpretation. In doing so, Jones draws attention to the way sight is privileged as a mode of access to fixed, fundamental truths in Western culture – a mode assumed to be untainted by filters that skew perception of the object. “In a culture where vision is by far the dominant sense,” Jones says, “and as a visual artist with a visual impairment, I am reliant on audio-description …Inevitably, there are limitations imposed by language, time and the interpreter’s background knowledge of the subject viewed, as well as their personal bias of what is deemed important to impart in their description” . In these works, Jones strips these background knowledges, biases and assumptions bare. She reveals different perceptions, as well as tendencies or censor, edit or exaggerate descriptions. In this paper, I investigate how, by revealing unconscious biases, Jones’ works renders herself and her participants vulnerable to a change of perception. I also examine how Jones’ later editing of the audio-descriptions allows her to show the instabilities of sight, and, in Portrait of the Artist by Proxy, to reclaim authorship of her own image.

Relevância:

20.00% 20.00%

Publicador:

Resumo:

The US Securities and Exchange Comission requires registered management investment companies to disclose how they vote proxies relating to portfolio securities they hold. The primary purpose of this rule is to enable fund investors to monitor the role of institutional shareholders in the corporate governance practices of public companies. In Australia, despite reform proposals, there are no regulations requiring institutional investors to report proxy voting procedures and practises. There is little evidence of voluntary disclosure of proxy voting by Australian managed investment schemes in equities, indicating that there are costs involved in such disclosure.

Relevância:

20.00% 20.00%

Publicador:

Resumo:

Proxy reports from parents and self-reported data from pupils have often been used interchangeably to identify factors influencing school travel behaviour. However, few studies have examined the validity of proxy reports as an alternative to self-reported data. In addition, despite research that has been conducted in a different context, little is known to date about the impact of different factors on school travel behaviour in a sectarian divided society. This research examines these issues using 1624 questionnaires collected from four independent samples (e.g. primary pupils, parent of primary pupils, secondary pupils, and parent of secondary pupils) across Northern Ireland. An independent sample t test was conducted to identify the differences in data reporting between pupils and parents for different age groups using the reported number of trips for different modes as dependent variables. Multivariate multiple regression analyses were conducted to then identify the impacts of different factors (e.g. gender, rural–urban context, multiple deprivations, and school management type, net residential density, land use diversity, intersection density) on mode choice behaviour in this context. Results show that proxy report is a valid alternative to self-reported data, but only for primary pupils. Land use diversity and rural–urban context were found to be the most important factors in influencing mode choice behaviour.

Relevância:

20.00% 20.00%

Publicador:

Resumo:

Fatigue/sleepiness is recognised as an important contributory factor in fatal and serious injury road traffic incidents (RTIs), however, identifying fatigue/sleepiness as a causal factor remains an uncertain science. Within Australia attending police officers at a RTI report the causal factors; one option is fatigue/sleepiness. In some Australian jurisdictions police incident databases are subject to post hoc analysis using a proxy definition for fatigue/sleepiness. This secondary analysis identifies further RTIs caused by fatigue/sleepiness not initially identified by attending officers. The current study investigates the efficacy of such proxy definitions for attributing fatigue/sleepiness as a RTI causal factor. Over 1600 Australian drivers were surveyed regarding their experience and involvement in fatigue/sleep-related RTIs and near-misses during the past five years. Driving while fatigued/sleepy had been experienced by the majority of participants (66.0% of participants). Fatigue/sleep-related near misses were reported by 19.1% of participants, with 2.4% being involved in a fatigue/sleep-related RTI. Examination of the characteristics for the most recent event (either a near miss or crash) found that the largest proportion of incidents (28.0%) occurred when commuting to or from work, followed by social activities (25.1%), holiday travel (19.8%), or for work purposes (10.1%). The fatigue/sleep related RTI and near-miss experience of a representative sample of Australian drivers does not reflect the proxy definitions used for fatigue/sleepiness identification. In particular those RTIs that occur in urban areas and at slow speeds may not be identified. While important to have a strategy for identifying fatigue/sleepiness related RTIs proxy measures appear best suited to identifying specific subsets of such RTIs.

Relevância:

20.00% 20.00%

Publicador:

Resumo:

Proxy re-encryption (PRE) is a highly useful cryptographic primitive whereby Alice and Bob can endow a proxy with the capacity to change ciphertext recipients from Alice to Bob, without the proxy itself being able to decrypt, thereby providing delegation of decryption authority. Key-private PRE (KP-PRE) specifies an additional level of confidentiality, requiring pseudo-random proxy keys that leak no information on the identity of the delegators and delegatees. In this paper, we propose a CPA-secure PK-PRE scheme in the standard model (which we then transform into a CCA-secure scheme in the random oracle model). Both schemes enjoy highly desirable properties such as uni-directionality and multi-hop delegation. Unlike (the few) prior constructions of PRE and KP-PRE that typically rely on bilinear maps under ad hoc assumptions, security of our construction is based on the hardness of the standard Learning-With-Errors (LWE) problem, itself reducible from worst-case lattice hard problems that are conjectured immune to quantum cryptanalysis, or “post-quantum”. Of independent interest, we further examine the practical hardness of the LWE assumption, using Kannan’s exhaustive search algorithm coupling with pruning techniques. This leads to state-of-the-art parameters not only for our scheme, but also for a number of other primitives based on LWE published the literature.

Relevância:

20.00% 20.00%

Publicador:

Resumo:

We revisit the venerable question of access credentials management, which concerns the techniques that we, humans with limited memory, must employ to safeguard our various access keys and tokens in a connected world. Although many existing solutions can be employed to protect a long secret using a short password, those solutions typically require certain assumptions on the distribution of the secret and/or the password, and are helpful against only a subset of the possible attackers. After briefly reviewing a variety of approaches, we propose a user-centric comprehensive model to capture the possible threats posed by online and offline attackers, from the outside and the inside, against the security of both the plaintext and the password. We then propose a few very simple protocols, adapted from the Ford-Kaliski server-assisted password generator and the Boldyreva unique blind signature in particular, that provide the best protection against all kinds of threats, for all distributions of secrets. We also quantify the concrete security of our approach in terms of online and offline password guesses made by outsiders and insiders, in the random-oracle model. The main contribution of this paper lies not in the technical novelty of the proposed solution, but in the identification of the problem and its model. Our results have an immediate and practical application for the real world: they show how to implement single-sign-on stateless roaming authentication for the internet, in a ad-hoc user-driven fashion that requires no change to protocols or infrastructure.

Relevância:

20.00% 20.00%

Publicador:

Resumo:

Background Quality of life (QOL) measures are an important patient-relevant outcome measure for clinical studies. Currently there is no fully validated cough-specific QOL measure for paediatrics. The objective of this study was to validate a cough-specific QOL questionnaire for paediatric use. Method 43 children (28 males, 15 females; median age 29 months, IQR 20–41 months) newly referred for chronic cough participated. One parent of each child completed the 27-item Parent Cough-Specific QOL questionnaire (PC-QOL), and the generic child (Pediatric QOL Inventory 4.0 (PedsQL)) and parent QOL questionnaires (SF-12) and two cough-related measures (visual analogue score and verbal category descriptive score) on two occasions separated by 2–3 weeks. Cough counts were also objectively measured on both occasions. Results Internal consistency for both the domains and total PC-QOL at both test times was excellent (Cronbach alpha range 0.70–0.97). Evidence for repeatability and criterion validity was established, with significant correlations over time and significant relationships with the cough measures. The PC-QOL was sensitive to change across the test times and these changes were significantly related to changes in cough measures (PC-QOL with: verbal category descriptive score, rs=−0.37, p=0.016; visual analogue score, rs=−0.47, p=0.003). Significant correlations of the difference scores for the social domain of the PC-QOL and the domain and total scores of the PedsQL were also noted (rs=0.46, p=0.034). Conclusion The PC-QOL is a reliable and valid outcome measure that assesses QOL related to childhood cough at a given time point and measures changes in cough-specific QOL over time.

Relevância:

20.00% 20.00%

Publicador:

Resumo:

Background Interventions to promote physical activity (PA) in children attending family child care homes (FCCHs) require valid, yet practical, measurement tools. The aim of this study was to assess the validity of two proxy report instruments designed to measure PA in children attending FCCHs. Methods A sample of 37 FCCH providers completed the Burdette parent proxy report, modified for the family child care setting for 107 children 3.4±1.2 years of age. A second sample of 42 FCCH providers completed the Harro parent and teacher proxy report, modified for the family child care setting, for 131 children 3.8±1.3 years of age. Both proxy reports were assessed for validity using accelerometry as a criterion measure. Results Significant positive correlations were observed between provider-reported PA scores from the modified Burdette proxy report and objectively measured total PA (r=0.30; p<0.01) and moderate-to-vigorous PA (MVPA; r=0.34; p<0.01). Across levels of provider-reported PA, both total PA and MVPA increased significantly in a linear dose-response fashion. The modified Harro proxy report was not associated with objectively measured PA. Conclusion Proxy PA reports completed by family child care providers may be a valid assessment option in studies where more burdensome objective measures are not feasible.

Relevância:

20.00% 20.00%

Publicador:

Resumo:

Parents and 531 students (46% males, 78% white) completed equivalent questionnaires. Agreement between student and parent responses to questions about hypothesized physical activity (PA) correlates was assessed. Relationships between hypothesized correlates and an objective measure of student's moderate-to-vigorous physical activity (MVPA) in a subset of 177 students were also investigated. Agreement between student and parent ranged from r = .34 to .64 for PA correlates. Spearman correlations between MVPA and PA correlates ranged from –.04 to .21 for student report and –.14 to .32 for parent report, and there were no statistical differences for 8 out of 9 correlations between parent and student. Parents can provide useful data on PA correlates for students in Grades 7–12.

Relevância:

20.00% 20.00%

Publicador:

Resumo:

One-time proxy signatures are one-time signatures for which a primary signer can delegate his or her signing capability to a proxy signer. In this work we propose two one-time proxy signature schemes with different security properties. Unlike other existing one-time proxy signatures that are constructed from public key cryptography, our proposed schemes are based one-way functions without trapdoors and so they inherit the communication and computation efficiency from the traditional one-time signatures. Although from a verifier point of view, signatures generated by the proxy are indistinguishable from those created by the primary signer, a trusted authority can be equipped with an algorithm that allows the authority to settle disputes between the signers. In our constructions, we use a combination of one-time signatures, oblivious transfer protocols and certain combinatorial objects. We characterise these new combinatorial objects and present constructions for them.

Relevância:

20.00% 20.00%

Publicador:

Resumo:

Handover performance is critical to support real-time traffic applications in wireless network communications. The longer the handover delay is, the longer an Mobile Node (MN) is prevented from sending and receiving any data packet. In real-time network communication applications, such as VoIP and video-conference, a long handover delay is often unacceptable. In order to achieve better handover performance, Fast Proxy Mobile IPv6 (FPMIPv6) has been standardised as an improvement to the original Proxy Mobile IPv6 (PMIPv6) in the Internet Engineering Task Force (IETF). The FPMIPv6 adopts a link layer triggering mechanism to perform two modes of operation: predictive and reactive modes. Using the link layer triggering, the handover performance of the FPMIPv6 can be improved in the predictive mode. However, an unsuccessful predictive handover operation will lead to activation of a reactive handover. In the reactive mode, MNs still experience long handover delays and a large amount of packet loss, which significantly degrade the handover performance of the FPMIPv6. Addressing this problem, this thesis presents an Enhanced Triggering Mechanism (ETM) in the FPMIPv6 to form an enhanced FPMIPv6 (eFPMIPv6). The ETM reduces the most time consuming processes in the reactive handover: the failed Handover Initiate (HO-Initiate) delay and bidirectional tunnel establishment delay. Consequently, the overall handover performance of the FPMIPv6 is enhanced in the eFPMIPv6. To show the advantages of the proposed eFPMIPv6, a theoretical analysis is carried out to mathematically model the performance of PMIPv6, FPMIPv6 and eFPMIPv6. Extensive case studies are conducted to validate the effectiveness of the presented eFPMIPv6 mechanism. They are carried out under various scenarios with changes in network link delay, traffic load, number of hops and MN moving velocity. The case studies show that the proposed mechanism ETM reduces the reactive handover delay, and the presented eFPMIPv6 outperforms the PMIPv6 and FPMIPv6 in terms of the overall handover performance.