Enhancing human security through crisis management : opportunities and challenges for learning

Inhimilliseen turvallisuuteen kriisinhallinnan kautta – oppimisen mahdollisuuksia ja haasteita Kylmän sodan jälkeen aseelliset konfliktit ovat yleensä alkaneet niin sanotuissa hauraissa valtioissa ja köyhissä maissa, ne ovat olleet valtioiden sisäisiä ja niihin on osallistunut ei-valtiollisia aseellisia ryhmittymiä. Usein ne johtavat konfliktikierteeseen, jossa sota ja vakaammat olot vaihtelevat. Koska kuolleisuus konflikteissa voi jäädä alle kansainvälisen määritelmän (1000 kuollutta vuodessa), kutsun tällaisia konflikteja ”uusiksi konflikteiksi”. Kansainvälinen yhteisö on pyrkinyt kehittämään kriisinhallinnan ja rauhanrakentamisen malleja, jotta pysyvä rauhantila saataisiin aikaiseksi. Inhimillinen turvallisuus perustuu näkemykseen, jossa kunnioitetaan jokaisen yksilön ihmisoikeuksia ja jolla on vaikutusta myös kriisinhallinnan ja rauhanrakentamisen toteuttamiseen. Tutkimukseen kuuluu kaksi empiiristä osaa: Delfoi tulevaisuuspaneeliprosessin sekä kriisinhallintahenkilöstön haastattelut. Viisitoista eri alojen kriisinhallinta-asiantuntijaa osallistui paneeliin, joka toteutettiin vuonna 2008. Paneelin tulosten mukaan tulevat konfliktit usein ovat uusien konfliktien kaltaisia. Lisäksi kriisinhallintahenkilöstöltä edellytetään vuorovaikutus- ja kommunikaatiokykyä ja luonnollisesti myös varsinaisia ammatillisia valmiuksia. Tulevaisuuspaneeli korosti vuorovaikutus- ja kommunikaatiotaitoja erityisesti siviilikriisinhallintahenkilöstön kompetensseissa, mutta samat taidot painottuivat sotilaallisen kriisinhallinnan henkilöstön kompetensseissakin. Kriisinhallinnassa tarvitaan myös selvää työnjakoa eri toimijoiden kesken. Kosovossa työskennelleen henkilöstön haastatteluaineisto koostui yhteensä 27 teemahaastattelusta. Haastateltavista 9 oli ammattiupseeria, 10 reservistä rekrytoitua rauhanturvaajaa ja 8 siviilikriisinhallinnassa työskennellyttä henkilöä. Haastattelut toteutettiin helmi- ja kesäkuun välisenä aikana vuonna 2008. Haastattelutuloksissa korostui vuorovaikutus- ja kommunikaatiotaitojen merkitys, sillä monissa käytännön tilanteissa haastateltavat olivat ratkoneet ongelmia yhteistyössä muun kriisinhallintahenkilöstön tai paikallisten asukkaiden kanssa. Kriisinhallinnassa toteutui oppimisprosesseja, jotka usein olivat luonteeltaan myönteisiä ja informaalisia. Tällaisten onnistumisten vaikutus yksilön minäkuvaan oli myönteinen. Tällaisia prosesseja voidaan kuvata ”itseä koskeviksi oivalluksiksi”. Kriisinhallintatehtävissä oppimisella on erityinen merkitys, jos halutaan kehittää toimintoja inhimillisen turvallisuuden edistämiseksi. Siksi on tärkeää, että kriisinhallintakoulutusta ja kriisinhallintatyössä oppimista kehitetään ottamaan huomioon oppimisen eri tasot ja ulottuvuudet sekä niiden merkitys. Informaaliset oppimisen muodot olisi otettava paremmin huomioon kriisinhallintakoulutusta ja kriisinhallintatehtävissä oppimista kehitettäessä. Palautejärjestelmää olisi kehitettävä eri tavoin. Koko kriisinhallintaoperaation on saatava tarvittaessa myös kriittistä palautetta onnistumisista ja epäonnistumisista. Monet kriisinhallinnassa työskennelleet kaipaavat kunnollista palautetta työrupeamastaan. Liian rutiininomaiseksi koettu palaute ei edistä yksilön oppimista. Spontaanisti monet haastatellut pitivät tärkeänä, että kriisinhallinnassa työskennelleillä olisi mahdollisuus debriefing- tyyppiseen kotiinpaluukeskusteluun. Pelkkä tällainen mahdollisuus ilmeisesti voisi olla monelle myönteinen uutinen, vaikka tilaisuutta ei hyödynnettäisikään. Paluu kriisinhallintatehtävistä Suomeen on monelle haasteellisempaa kuin näissä tehtävissä työskentelyn aloittaminen ulkomailla. Tutkimuksen tulokset kannustavat tutkimaan kriisinhallintaa oppimisen näkökulmasta. On myös olennaista, että kriisinhallinnan palautejärjestelmiä kehitetään mahdollisimman hyvin edistämään sekä yksilöllistä että organisatorista oppimista kriisinhallinnassa. Kriisinhallintaoperaatio on oppimisympäristö. Kriisinhallintahenkilöstön kommunikaatio- ja vuorovaikutustaitojen kehittäminen on olennaista tavoiteltaessa kestävää rauhanprosessia, jossa konfliktialueen asukkaatkin ovat mukana.

Knapsack sets for cryptography

The basic goal of this study is to extend old and propose new ways to generate knapsack sets suitable for use in public key cryptography. The knapsack problem and its cryptographic use are reviewed in the introductory chapter. Terminology is based on common cryptographic vocabulary. For example, solving the knapsack problem (which is here a subset sum problem) is termed decipherment. Chapter 1 also reviews the most famous knapsack cryptosystem, the Merkle Hellman system. It is based on a superincreasing knapsack and uses modular multiplication as a trapdoor transformation. The insecurity caused by these two properties exemplifies the two general categories of attacks against knapsack systems. These categories provide the motivation for Chapters 2 and 4. Chapter 2 discusses the density of a knapsack and the dangers of having a low density. Chapter 3 interrupts for a while the more abstract treatment by showing examples of small injective knapsacks and extrapolating conjectures on some characteristics of knapsacks of larger size, especially their density and number. The most common trapdoor technique, modular multiplication, is likely to cause insecurity, but as argued in Chapter 4, it is difficult to find any other simple trapdoor techniques. This discussion also provides a basis for the introduction of various categories of non injectivity in Chapter 5. Besides general ideas of non injectivity of knapsack systems, Chapter 5 introduces and evaluates several ways to construct such systems, most notably the "exceptional blocks" in superincreasing knapsacks and the usage of "too small" a modulus in the modular multiplication as a trapdoor technique. The author believes that non injectivity is the most promising direction for development of knapsack cryptosystema. Chapter 6 modifies two well known knapsack schemes, the Merkle Hellman multiplicative trapdoor knapsack and the Graham Shamir knapsack. The main interest is in aspects other than non injectivity, although that is also exploited. In the end of the chapter, constructions proposed by Desmedt et. al. are presented to serve as a comparison for the developments of the subsequent three chapters. Chapter 7 provides a general framework for the iterative construction of injective knapsacks from smaller knapsacks, together with a simple example, the "three elements" system. In Chapters 8 and 9 the general framework is put into practice in two different ways. Modularly injective small knapsacks are used in Chapter 9 to construct a large knapsack, which is called the congruential knapsack. The addends of a subset sum can be found by decrementing the sum iteratively by using each of the small knapsacks and their moduli in turn. The construction is also generalized to the non injective case, which can lead to especially good results in the density, without complicating the deciphering process too much. Chapter 9 presents three related ways to realize the general framework of Chapter 7. The main idea is to join iteratively small knapsacks, each element of which would satisfy the superincreasing condition. As a whole, none of these systems need become superincreasing, though the development of density is not better than that. The new knapsack systems are injective but they can be deciphered with the same searching method as the non injective knapsacks with the "exceptional blocks" in Chapter 5. The final Chapter 10 first reviews the Chor Rivest knapsack system, which has withstood all cryptanalytic attacks. A couple of modifications to the use of this system are presented in order to further increase the security or make the construction easier. The latter goal is attempted by reducing the size of the Chor Rivest knapsack embedded in the modified system. '

Security in multicast communication

Multicast is one method to transfer information in IPv4 based communication. Other methods are unicast and broadcast. Multicast is based on the group concept where data is sent from one point to a group of receivers and this remarkably saves bandwidth. Group members express an interest to receive data by using Internet Group Management Protocol and traffic is received by only those receivers who want it. The most common multicast applications are media streaming applications, surveillance applications and data collection applications. There are many data security methods to protect unicast communication that is the most common transfer method in Internet. Popular data security methods are encryption, authentication, access control and firewalls. The characteristics of multicast such as dynamic membership cause that all these data security mechanisms can not be used to protect multicast traffic. Nowadays the protection of multicast traffic is possible via traffic restrictions where traffic is allowed to propagate only to certain areas. One way to implement this is packet filters. Methods tested in this thesis are MVR, IGMP Filtering and access control lists which worked as supposed. These methods restrict the propagation of multicast but are laborious to configure in a large scale. There are also a few manufacturerspecific products that make possible to encrypt multicast traffic. These separate products are expensive and mainly intended to protect video transmissions via satellite. Investigation of multicast security has taken place for several years and the security methods that will be the results of the investigation are getting ready. An IETF working group called MSEC is standardizing these security methods. The target of this working group is to standardize data security protocols for multicast during 2004.

Developing customer need based services in personal security service industry

The purpose of this thesis is to examine how services can be developed and how the voice of the customer can be incorporated to the strategic planning of services. Furthermore, the objective is to investigate the methods of customer need analysis and service bundling. The data is collected from secondary and primary sources by reviewing the existing academic literature and by conducting in-depth interviews and surveys. The main findings of this research indicate that the service development in personal security service industry should be conducted through a formalized process and the process should begin with setting the strategic objectives. Moreover, the voice of the customer should be incorporated into all stages of the development process, especially into the front-end of the process. Furthermore, the information on customer needs should be gathered in a manner tailored for the purposes of service development.

A cyber security architecture for military networks using a cognitive network approach

Cyber security is one of the main topics that are discussed around the world today. The threat is real, and it is unlikely to diminish. People, business, governments, and even armed forces are networked in a way or another. Thus, the cyber threat is also facing military networking. On the other hand, the concept of Network Centric Warfare sets high requirements for military tactical data communications and security. A challenging networking environment and cyber threats force us to consider new approaches to build security on the military communication systems. The purpose of this thesis is to develop a cyber security architecture for military networks, and to evaluate the designed architecture. The architecture is described as a technical functionality. As a new approach, the thesis introduces Cognitive Networks (CN) which are a theoretical concept to build more intelligent, dynamic and even secure communication networks. The cognitive networks are capable of observe the networking environment, make decisions for optimal performance and adapt its system parameter according to the decisions. As a result, the thesis presents a five-layer cyber security architecture that consists of security elements controlled by a cognitive process. The proposed architecture includes the infrastructure, services and application layers that are managed and controlled by the cognitive and management layers. The architecture defines the tasks of the security elements at a functional level without introducing any new protocols or algorithms. For evaluating two separated method were used. The first method is based on the SABSA framework that uses a layered approach to analyze overall security of an organization. The second method was a scenario based method in which a risk severity level is calculated. The evaluation results show that the proposed architecture fulfills the security requirements at least at a high level. However, the evaluation of the proposed architecture proved to be very challenging. Thus, the evaluation results must be considered very critically. The thesis proves the cognitive networks are a promising approach, and they provide lots of benefits when designing a cyber security architecture for the tactical military networks. However, many implementation problems exist, and several details must be considered and studied during the future work.

A Study of Privacy Preserving Queries with Bloom Filters

This thesis focuses on the private membership test (PMT) problem and presents three single server protocols to resolve this problem. In the presented solutions, a client can perform an inclusion test for some record x in a server's database, without revealing his record. Moreover after executing the protocols, the contents of server's database remain secret. In each of these solutions, a different cryptographic protocol is utilized to construct a privacy preserving variant of Bloom filter. The three suggested solutions are slightly different from each other, from privacy perspective and also from complexity point of view. Therefore, their use cases are different and it is impossible to choose one that is clearly the best between all three. We present the software developments of the three protocols by utilizing various pseudocodes. The performance of our implementation is measured based on a real case scenario. This thesis is a spin-off from the Academy of Finland research project "Cloud Security Services".

A Study of Privacy Preserving Queries with Bloom Filters

This thesis focuses on the private membership test (PMT) problem and presents three single server protocols to resolve this problem. In the presented solutions, a client can perform an inclusion test for some record x in a server's database, without revealing his record. Moreover after executing the protocols, the contents of server's database remain secret. In each of these solutions, a different cryptographic protocol is utilized to construct a privacy preserving variant of Bloom filter. The three suggested solutions are slightly different from each other, from privacy perspective and also from complexity point of view. Therefore, their use cases are different and it is impossible to choose one that is clearly the best between all three. We present the software developments of the three protocols by utilizing various pseudocodes. The performance of our implementation is measured based on a real case scenario. This thesis is a spin-off from the Academy of Finland research project "Cloud Security Services".