621 resultados para outsourcing decryption
Resumo:
En esta tesis se aborda el problema de la externalización segura de servicios de datos y computación. El escenario de interés es aquel en el que el usuario posee datos y quiere subcontratar un servidor en la nube (“Cloud”). Además, el usuario puede querer también delegar el cálculo de un subconjunto de sus datos al servidor. Se presentan dos aspectos de seguridad relacionados con este escenario, en concreto, la integridad y la privacidad y se analizan las posibles soluciones a dichas cuestiones, aprovechando herramientas criptográficas avanzadas, como el Autentificador de Mensajes Homomórfico (“Homomorphic Message Authenticators”) y el Cifrado Totalmente Homomórfico (“Fully Homomorphic Encryption”). La contribución de este trabajo es tanto teórica como práctica. Desde el punto de vista de la contribución teórica, se define un nuevo esquema de externalización (en lo siguiente, denominado con su término inglés Outsourcing), usando como punto de partida los artículos de [3] y [12], con el objetivo de realizar un modelo muy genérico y flexible que podría emplearse para representar varios esquemas de ”outsourcing” seguro. Dicho modelo puede utilizarse para representar esquemas de “outsourcing” seguro proporcionando únicamente integridad, únicamente privacidad o, curiosamente, integridad con privacidad. Utilizando este nuevo modelo también se redefine un esquema altamente eficiente, construido en [12] y que se ha denominado Outsourcinglin. Este esquema permite calcular polinomios multivariados de grado 1 sobre el anillo Z2k . Desde el punto de vista de la contribución práctica, se ha construido una infraestructura marco (“Framework”) para aplicar el esquema de “outsourcing”. Seguidamente, se ha testado dicho “Framework” con varias implementaciones, en concreto la implementación del criptosistema Joye-Libert ([18]) y la implementación del esquema propio Outsourcinglin. En el contexto de este trabajo práctico, la tesis también ha dado lugar a algunas contribuciones innovadoras: el diseño y la implementación de un nuevo algoritmo de descifrado para el esquema de cifrado Joye-Libert, en colaboración con Darío Fiore. Presenta un mejor comportamiento frente a los algoritmos propuestos por los autores de [18];la implementación de la función eficiente pseudo-aleatoria de forma amortizada cerrada (“amortized-closed-form efficient pseudorandom function”) de [12]. Esta función no se había implementado con anterioridad y no supone un problema trivial, por lo que este trabajo puede llegar a ser útil en otros contextos. Finalmente se han usado las implementaciones durante varias pruebas para medir tiempos de ejecución de los principales algoritmos.---ABSTRACT---In this thesis we tackle the problem of secure outsourcing of data and computation. The scenario we are interested in is that in which a user owns some data and wants to “outsource” it to a Cloud server. Furthermore, the user may want also to delegate the computation over a subset of its data to the server. We present the security issues related to this scenario, namely integrity and privacy and we analyse some possible solutions to these two issues, exploiting advanced cryptographic tools, such as Homomorphic Message Authenticators and Fully Homomorphic Encryption. Our contribution is both theoretical and practical. Considering our theoretical contribution, using as starting points the articles of [3] and [12], we introduce a new cryptographic primitive, called Outsourcing with the aim of realizing a very generic and flexible model that might be employed to represent several secure outsourcing schemes. Such model can be used to represent secure outsourcing schemes that provide only integrity, only privacy or, interestingly, integrity with privacy. Using our new model we also re-define an highly efficient scheme constructed in [12], that we called Outsourcinglin and that is a scheme for computing multi-variate polynomials of degree 1 over the ring Z2k. Considering our practical contribution, we build a Framework to implement the Outsourcing scheme. Then, we test such Framework to realize several implementations, specifically the implementation of the Joye-Libert cryptosystem ([18]) and the implementation of our Outsourcinglin scheme. In the context of this practical work, the thesis also led to some novel contributions: the design and the implementation, in collaboration with Dario Fiore, of a new decryption algorithm for the Joye-Libert encryption scheme, that performs better than the algorithms proposed by the authors in [18]; the implementation of the amortized-closed-form efficient pseudorandom function of [12]. There was no prior implementation of this function and it represented a non trivial work, which can become useful in other contexts. Finally we test the implementations to execute several experiments for measuring the timing performances of the main algorithms.
Resumo:
What an organisation does versus what it out-sources to the market is a classic boundaries of the firm question that has previously been dominated by efficiency arguments. However, a knowledge-based view suggests these boundaries are integral to the ability of a firm to deploy existing knowledge stocks efficiently, as well as develop new knowledge through learning that will drive future competitiveness. Furthermore, the nature of these boundaries, in respect of their permeability is critical in understanding the likelihood of knowledge flowing into and out of the organisation. Using these concepts, we present a case study of Main Roads Western Australia to illustrate how these principles have allowed it to start rebuilding its internal capabilities through repositioning its operational boundaries and via ensuring their boundaries are highly porous as they move more major projects into alliance contracts.
Resumo:
Purpose – To determine whether or not clockspeed is an important variable in outsourcing strategies throughout the development of radical innovations. Design/methodology/approach – An internet-based survey of manufacturing firms from all over the world. Findings – An industry's clockspeed does not play a significant role in the success or failure of a particular outsourcing strategy for a radical innovation. Research limitations/implications – Conclusions from earlier research in this area are not necessarily industry-specific. Practical implications – Lessons learned via previous investigations about the computer industry need not be confined to that sector. Vertical integration may be a more robust outsourcing strategy when developing a radical innovation in industries of all clockspeeds. Originality/value – Previous research efforts in this field focused on a single technology jump, but this approach may have overlooked a potentially important variable: industry clockspeed. Thus, this investigation explores whether clockspeed is an important factor.
Resumo:
Significant empirical data from the fields of management and business strategy suggest that it is a good idea for a company to make in-house the components and processes underpinning a new technology. Other evidence suggests exactly the opposite, saying that firms would be better off buying components and processes from outside suppliers. One possible explanation for this lack of convergence is that earlier research in this area has overlooked two important aspects of the problem: reputation and trust. To gain insight into how these variables may impact make-buy decisions throughout the innovation process, the Sporas algorithm for measuring reputation was added to an existing agent-based model of how firms interact with each other throughout the development of new technologies. The model�s results suggest that reputation and trust do not play a significant role in the long-term fortunes of an individual firm as it contends with technological change in the marketplace. Accordingly, this model serves as a cue for management researchers to investigate more thoroughly the temporal limitations and contingencies that determine how the trust between firms may affect the R&D process.
Resumo:
In this paper we analyse the oursourcing of accounting services. The extent to which firms are currently outsourcing, or considering outsourcing such services, and the motivations and barriers associated with outsourcing are identified. Empirical data from a random sample of accounting firms are used in this analysis. Data indicate that the majority of accounting firms are either currently outsourcing or considering outsourcing and that they exopect the volume of oursourced services to increase. In contrast to the scholarly literature advocating labor arbitrage as the primary driver for organizations choosing to outsource, in this study it was found that the main factors underpinning the decision to outsource were the expediting of service delivary to clients, and to enable the firm to focus on its core competencies.
Resumo:
In the medical and healthcare arena, patients‟ data is not just their own personal history but also a valuable large dataset for finding solutions for diseases. While electronic medical records are becoming popular and are used in healthcare work places like hospitals, as well as insurance companies, and by major stakeholders such as physicians and their patients, the accessibility of such information should be dealt with in a way that preserves privacy and security. Thus, finding the best way to keep the data secure has become an important issue in the area of database security. Sensitive medical data should be encrypted in databases. There are many encryption/ decryption techniques and algorithms with regard to preserving privacy and security. Currently their performance is an important factor while the medical data is being managed in databases. Another important factor is that the stakeholders should decide more cost-effective ways to reduce the total cost of ownership. As an alternative, DAS (Data as Service) is a popular outsourcing model to satisfy the cost-effectiveness but it takes a consideration that the encryption/ decryption modules needs to be handled by trustworthy stakeholders. This research project is focusing on the query response times in a DAS model (AES-DAS) and analyses the comparison between the outsourcing model and the in-house model which incorporates Microsoft built-in encryption scheme in a SQL Server. This research project includes building a prototype of medical database schemas. There are 2 types of simulations to carry out the project. The first stage includes 6 databases in order to carry out simulations to measure the performance between plain-text, Microsoft built-in encryption and AES-DAS (Data as Service). Particularly, the AES-DAS incorporates implementations of symmetric key encryption such as AES (Advanced Encryption Standard) and a Bucket indexing processor using Bloom filter. The results are categorised such as character type, numeric type, range queries, range queries using Bucket Index and aggregate queries. The second stage takes the scalability test from 5K to 2560K records. The main result of these simulations is that particularly as an outsourcing model, AES-DAS using the Bucket index shows around 3.32 times faster than a normal AES-DAS under the 70 partitions and 10K record-sized databases. Retrieving Numeric typed data takes shorter time than Character typed data in AES-DAS. The aggregation query response time in AES-DAS is not as consistent as that in MS built-in encryption scheme. The scalability test shows that the DBMS reaches in a certain threshold; the query response time becomes rapidly slower. However, there is more to investigate in order to bring about other outcomes and to construct a secured EMR (Electronic Medical Record) more efficiently from these simulations.
Resumo:
Patient satisfaction with foodservices is multidimensional. It is well recognised that food and other aspects of foodservice delivery are important elements of patients overall perception of the hospital experience. This study aimed to determine whether menu changes in 2008 at an acute private hospital, considered negative by the dietetic staff, would affect patient satisfaction with the foodservice. Changes to the menu, secondary to the refurbishment of the foodservice facilities decreased the number of choices at breakfast from six to four, and altered the dessert menu to include a larger proportion of commercially produced products. The Acute Care Hospital Foodservice Patient Satisfaction Questionnaire (ACHFPSQ) was utilised to assess patient satisfaction with the menu changes, as it has proven accuracy and reliability in measuring patient satisfaction. Results of the survey (n=306) were compared to data with previous ACHFPSQ surveys conducted annually since 2003. Data analysed included overall foodservice satisfaction and four dimensions of foodservice satisfaction: food quality, meal service quality, staff/service issues and the physical environment. Satisfaction targets were set at 4 (scale 1–5) for each foodservice dimension. Analysis showed that despite changes to the menu, overall foodservice satisfaction rated high, with a score of 4.3. Eighty-six percent of patients rated the foodservice as either ‘very good’ or ‘good’. The four foodservice dimensions were rated highly (4.2–4.8). Findings were consistent with previous survey results, demonstrating a high level of patient satisfaction across all dimensions of the foodservice, despite changes to the menu. The annual ACHFPSQ was of value to this practice question.
Multi-level knowledge transfer in software development outsourcing projects : the agency theory view
Resumo:
In recent years, software development outsourcing has become even more complex. Outsourcing partner have begun‘re- outsourcing’ components of their projects to other outsourcing companies to minimize cost and gain efficiencies, creating a multi-level hierarchy of outsourcing. This research in progress paper presents preliminary findings of a study designed to understand knowledge transfer effectiveness of multi-level software development outsourcing projects. We conceptualize the SD-outsourcing entities using the Agency Theory. This study conceptualizes, operationalises and validates the concept of Knowledge Transfer as a three-phase multidimensional formative index of 1) Domain knowledge, 2) Communication behaviors, and 3) Clarity of requirements. Data analysis identified substantial, significant differences between the Principal and the Agent on two of the three constructs. Using Agency Theory, supported by preliminary findings, the paper also provides prescriptive guidelines of reducing the friction between the Principal and the Agent in multi-level software outsourcing.
Resumo:
Availability has become a primary goal of information security and is as significant as other goals, in particular, confidentiality and integrity. Maintaining availability of essential services on the public Internet is an increasingly difficult task in the presence of sophisticated attackers. Attackers may abuse limited computational resources of a service provider and thus managing computational costs is a key strategy for achieving the goal of availability. In this thesis we focus on cryptographic approaches for managing computational costs, in particular computational effort. We focus on two cryptographic techniques: computational puzzles in cryptographic protocols and secure outsourcing of cryptographic computations. This thesis contributes to the area of cryptographic protocols in the following ways. First we propose the most efficient puzzle scheme based on modular exponentiations which, unlike previous schemes of the same type, involves only a few modular multiplications for solution verification; our scheme is provably secure. We then introduce a new efficient gradual authentication protocol by integrating a puzzle into a specific signature scheme. Our software implementation results for the new authentication protocol show that our approach is more efficient and effective than the traditional RSA signature-based one and improves the DoSresilience of Secure Socket Layer (SSL) protocol, the most widely used security protocol on the Internet. Our next contributions are related to capturing a specific property that enables secure outsourcing of cryptographic tasks in partial-decryption. We formally define the property of (non-trivial) public verifiability for general encryption schemes, key encapsulation mechanisms (KEMs), and hybrid encryption schemes, encompassing public-key, identity-based, and tag-based encryption avors. We show that some generic transformations and concrete constructions enjoy this property and then present a new public-key encryption (PKE) scheme having this property and proof of security under the standard assumptions. Finally, we combine puzzles with PKE schemes for enabling delayed decryption in applications such as e-auctions and e-voting. For this we first introduce the notion of effort-release PKE (ER-PKE), encompassing the well-known timedrelease encryption and encapsulated key escrow techniques. We then present a security model for ER-PKE and a generic construction of ER-PKE complying with our security notion.
Resumo:
The main theme of this thesis is to allow the users of cloud services to outsource their data without the need to trust the cloud provider. The method is based on combining existing proof-of-storage schemes with distance-bounding protocols. Specifically, cloud customers will be able to verify the confidentiality, integrity, availability, fairness (or mutual non-repudiation), data freshness, geographic assurance and replication of their stored data directly, without having to rely on the word of the cloud provider.
Resumo:
The purpose of this paper is to provide an evolutionary perspective of cloud computing (CC) by integrating two previously disparate literatures: CC and information technology outsourcing (ITO). We review the literature and develop a framework that highlights the demand for the CC service, benefits, risks, as well as risk mitigation strategies that are likely to influence the success of the service. CC success in organisations and as a technology overall is a function of (i) the outsourcing decision and supplier selection, (ii) contractual and relational governance, and (iii) industry standards and legal framework. Whereas CC clients have little control over standards and/or the legal framework, they are able to influence other factors to maximize the benefits while limiting the risks. This paper provides guidelines for (potential) cloud computing users with respect to the outsourcing decision, vendor selection, service-level-agreements, and other issues that need to be addressed when opting for CC services. We contribute to the literature by providing an evolutionary and holistic view of CC that draws on the extensive literature and theory of ITO. We conclude the paper with a number of research paths that future researchers can follow to advance the knowledge in this field.
Resumo:
Outsourcing, or contracting-out as it is also known, is a prevalent business practice across all sectors of the economy. This entry will give a number of explanations about why organizations outsource, as well as a number of difficulties which may be encountered when outsourcing...
Resumo:
Purpose - Contemporary offshore Information System Development (ISD) outsourcing is becoming even more complex. Outsourcing partner has begun ‘re-outsourcing’ components of their projects to other outsourcing companies to minimize cost and gain efficiencies. This paper aims to explore intra-organizational Information Asymmetry of re-outsourced offshore ISD outsourcing projects. Design/methodology/approach - An online survey was conducted to get an overall view of Information Asymmetry between Principal and Agents (as per the Agency theory). Findings - Statistical analysis showed that there are significant differences between the Principal and Agent on clarity of requirements, common domain knowledge and communication effectiveness constructs, implying an unbalanced relationship between the parties. Moreover, our results showed that these three are significant measurement constructs of Information Asymmetry. Research limitations/implications - In our study we have only considered three main factors as common domain knowledge, clarity of requirements and communication effectiveness as three measurement constructs of Information Asymmetry. Therefore, researches are encouraged to test the proposed constructs further to increase its precision. Practical implications - Our analysis indicates significant differences in all three measurement constructs, implying the difficulties to ensure that the Agent is performing according to the requirements of the Principal. Using the Agency theory as theoretical view, this study sheds light on the best contract governing methods which minimize Information Asymmetry between the multiple partners within ISD outsourcing organizations. Originality/value - Currently, to the best of our knowledge, no study has undertaken research on Intra-organizational Information Asymmetry in re-outsourced offshore ISD outsourcing projects.
Resumo:
The Control Theory has provided a useful theoretical foundation for Information Systems development outsourcing (ISD-outsourcing) to examine the co-ordination between the client and the vendor. Recent research identified two control mechanisms: structural (structure of the control mode) and process (the process through which the control mode is enacted). Yet, the Control Theory research to-date does not describe the ways in which the two control mechanisms can be combined to ensure project success. Grounded in case study data of eight ISD-outsourcing projects, we derive three ‘control configurations’; i) aligned, ii) negotiated, and 3) self-managed, which describe the combinative patterns of structural and process control mechanisms within and across control modes.
