Mobile phone use and driving : the message is just not getting through

Previous research has shown that mobile phone use while driving can increase crash risk fourfold while texting results in 23 times greater crash risk for heavy vehicle drivers. However, mobile phone use has changed in recent years with the functional capabilities of smart phones to now also include a range of other common behaviours while driving such as using Facebook, emailing, the use of ‘apps’, and GPS. Research continues to show performance decrements for many such behaviours while driving, however many Australians still openly admit to illegal mobile phone use while driving despite ongoing enforcement efforts and public awareness campaigns. Of most concern are young drivers. ‘Apps’ available to restrict mobile phone use while in motion do not prevent use while a driver is stopped at traffic lights, so are therefore not a wholly viable solution. Vehicle manufacturers continue to develop in-vehicle technology to minimise distraction, however communication with the ‘outside world’ while driving is also perhaps a strong selling point for vehicles. Hence, the safety message that drivers should focus on the driving task solely and not use communication devices is unlikely to ever be internalised by many drivers. This paper reviews the available literature on the topic and argues that a better understanding of perceptions of mobile phone use while driving and motives for use are required to inform public awareness campaign development for specific road user groups. Additionally, illegal phone use while driving may be reinforced by not being apprehended (punishment avoidance), therefore stronger deterrence-focussed messages may also be beneficial.

Formalising human recognition : a fundamental building block for security proofs

A fundamental part of many authentication protocols which authenticate a party to a human involves the human recognizing or otherwise processing a message received from the party. Examples include typical implementations of Verified by Visa in which a message, previously stored by the human at a bank, is sent by the bank to the human to authenticate the bank to the human; or the expectation that humans will recognize or verify an extended validation certificate in a HTTPS context. This paper presents general definitions and building blocks for the modelling and analysis of human recognition in authentication protocols, allowing the creation of proofs for protocols which include humans. We cover both generalized trawling and human-specific targeted attacks. As examples of the range of uses of our construction, we use the model presented in this paper to prove the security of a mutual authentication login protocol and a human-assisted device pairing protocol.

Indirect message injection for MAC generation

This paper presents a model for the generation of a MAC tag using a stream cipher. The input message is used indirectly to control segments of the keystream that form the MAC tag. Several recent proposals can be considered as instances of this general model, as they all perform message accumulation in this way. However, they use slightly different processes in the message preparation and finalisation phases. We examine the security of this model for different options and against different types of attack, and conclude that the indirect injection model can be used to generate MAC tags securely for certain combinations of options. Careful consideration is required at the design stage to avoid combinations of options that result in susceptibility to forgery attacks. Additionally, some implementations may be vulnerable to side-channel attacks if used in Authenticated Encryption (AE) algorithms. We give design recommendations to provide resistance to these attacks for proposals following this model.

Countermeasures to driver sleepiness : is the message getting through?

The most effective countermeasures to driver sleepiness (caffeine and a nap, ideally in combination) are not the most popular choice for UK drivers. Groups susceptible to driver sleepiness (OSA patients and truck drivers) do not favour effective countermeasures to driver sleepiness. Prior experience of driver sleepiness does not promote an effective choice of countermeasure.

Breaking the code of silence : the Wood Royal Commission into New South Wales police : a brief overview

The three-volume Final Report of the Wood inquiry into NSW Police (Royal Commission Into the New South Wales Police Service, 'Final Report, Vol I: Corruption; Vol II: Reform; Vol III: Appendices', May 1997) was publicly released on 15 May 1997, to much media fanfare. The Sydney Morning Herald (SMH) devoted an 8-page special report on I May to the pending release of the Inquiry Report, headed The Police Purge. On the day of the public release of the Report, the SMH five-page 'Special Report' under the banner The Police Verdict was headlined Wood, Carr Split on Drugs. The Australian led with Call for Drug Law Revamp, Force Overhaul to Fight Corruption, Wood Attacks Culture of Greed, and the Daily Telegraph front page 'Final Verdict' was True Blue Strategy for an Honest Police Force...

HPAKE : Password authentication secure against cross-site user impersonation

We propose a new kind of asymmetric mutual authentication from passwords with stronger privacy against malicious servers, lest they be tempted to engage in “cross-site user impersonation” to each other. It enables a person to authenticate (with) arbitrarily many independent servers, over adversarial channels, using a memorable and reusable single short password. Beside the usual PAKE security guarantees, our framework goes to lengths to secure the password against brute-force cracking from privileged server information.

Quantum direct secret sharing with efficient eavesdropping-check and authentication based on distributed fountain codes

We propose to use a simple and effective way to achieve secure quantum direct secret sharing. The proposed scheme uses the properties of fountain codes to allow a realization of the physical conditions necessary for the implementation of no-cloning principle for eavesdropping-check and authentication. In our scheme, to achieve a variety of security purposes, nonorthogonal state particles are inserted in the transmitted sequence carrying the secret shares to disorder it. However, the positions of the inserted nonorthogonal state particles are not announced directly, but are obtained by sending degrees and positions of a sequence that are pre-shared between Alice and each Bob. Moreover, they can confirm that whether there exists an eavesdropper without exchanging classical messages. Most importantly, without knowing the positions of the inserted nonorthogonal state particles and the sequence constituted by the first particles from every EPR pair, the proposed scheme is shown to be secure.

Does counting still count? Revisiting the security of counting based user authentication protocols against statistical attacks

At NDSS 2012, Yan et al. analyzed the security of several challenge-response type user authentication protocols against passive observers, and proposed a generic counting based statistical attack to recover the secret of some counting based protocols given a number of observed authentication sessions. Roughly speaking, the attack is based on the fact that secret (pass) objects appear in challenges with a different probability from non-secret (decoy) objects when the responses are taken into account. Although they mentioned that a protocol susceptible to this attack should minimize this difference, they did not give details as to how this can be achieved barring a few suggestions. In this paper, we attempt to fill this gap by generalizing the attack with a much more comprehensive theoretical analysis. Our treatment is more quantitative which enables us to describe a method to theoretically estimate a lower bound on the number of sessions a protocol can be safely used against the attack. Our results include 1) two proposed fixes to make counting protocols practically safe against the attack at the cost of usability, 2) the observation that the attack can be used on non-counting based protocols too as long as challenge generation is contrived, 3) and two main design principles for user authentication protocols which can be considered as extensions of the principles from Yan et al. This detailed theoretical treatment can be used as a guideline during the design of counting based protocols to determine their susceptibility to this attack. The Foxtail protocol, one of the protocols analyzed by Yan et al., is used as a representative to illustrate our theoretical and experimental results.

A coding approach to the multicast stream authentication problem

We study the multicast stream authentication problem when an opponent can drop, reorder and introduce data packets into the communication channel. In such a model, packet overhead and computing efficiency are two parameters to be taken into account when designing a multicast stream protocol. In this paper, we propose to use two families of erasure codes to deal with this problem, namely, rateless codes and maximum distance separable codes. Our constructions will have the following advantages. First, our packet overhead will be small. Second, the number of signature verifications to be performed at the receiver is O(1). Third, every receiver will be able to recover all the original data packets emitted by the sender despite losses and injection occurred during the transmission of information.

Estimating hidden message length in binary image embedded by using boundary pixels steganography

In this paper, we propose a new steganalytic method to detect the message hidden in a black and white image using the steganographic technique developed by Liang, Wang and Zhang. Our detection method estimates the length of hidden message embedded in a binary image. Although the hidden message embedded is visually imperceptible, it changes some image statistic (such as inter-pixels correlation). Based on this observation, we first derive the 512 patterns histogram from the boundary pixels as the distinguishing statistic, then we compute the histogram difference to determine the changes of the 512 patterns histogram induced by the embedding operation. Finally we propose histogram quotient to estimate the length of the embedded message. Experimental results confirm that the proposed method can effectively and reliably detect the length of the embedded message.

On the security of PAS (predicate-based authentication service)

Recently a new human authentication scheme called PAS (predicate-based authentication service) was proposed, which does not require the assistance of any supplementary device. The main security claim of PAS is to resist passive adversaries who can observe the whole authentication session between the human user and the remote server. In this paper we show that PAS is insecure against both brute force attack and a probabilistic attack. In particular, we show that its security against brute force attack was strongly overestimated. Furthermore, we introduce a probabilistic attack, which can break part of the password even with a very small number of observed authentication sessions. Although the proposed attack cannot completely break the password, it can downgrade the PAS system to a much weaker system similar to common OTP (one-time password) systems.

Source code watermarking based on function dependency oriented sequencing

In the current market, extensive software development is taking place and the software industry is thriving. Major software giants have stated source code theft as a major threat to revenues. By inserting an identity-establishing watermark in the source code, a company can prove it's ownership over the source code. In this paper, we propose a watermarking scheme for C/C++ source codes by exploiting the language restrictions. If a function calls another function, the latter needs to be defined in the code before the former, unless one uses function pre-declarations. We embed the watermark in the code by imposing an ordering on the mutually independent functions by introducing bogus dependency. Removal of dependency by the attacker to erase the watermark requires extensive manual intervention thereby making the attack infeasible. The scheme is also secure against subtractive and additive attacks. Using our watermarking scheme, an n-bit watermark can be embedded in a program having n independent functions. The scheme is implemented on several sample codes and performance changes are analyzed.

Written in code : diversity and the new genetics

Modern genetic research holds out the promise of a bold new future in which humanity has identified and conquered the genetic roots of many diseases. Genetic science also promises to shed light on who we are, what it is that makes us tick, what it is that makes us the way we are — in short, what it is that makes us human. Yet while genetics are a potential saviour (saving us from disease), it also appears as a threat that at the extremes appears to be the stuff of our worst nightmares, such as the prospect, probably more imagined than real, of rows of cloned individuals. The new genetics hold out the promise that through genetics we will be able to determine what we are, a promise that is simultaneously appealing and terrifying. This chapter discusses the cloning of people and parts, the law’s response to cloning, genetics and diversity, a framework for law reform.