SKMA - A Key Management Architecture for SCADA Systems

Supervisory Control And Data Acquisition (SCADA) systems are widely used in the management of critical infrastructure such as electricity and water distrubution systems. Currently there is little understanding of how to best protect SCADA systems from malicious attacks. We review the constraints and requirements for SCADA security and propose a suitable architecture (SKMA) for secure SCADA communications. The architecture includes a proposed key management protocol (SKMP). We compare the architecture with a previous proposal from Sandia Labs.

An Investigation of Cognitive, Emotional and Negative Behavioural Responses to Service Recovery Strategies

Despite the best intentions of service providers and organisations, service delivery is rarely error-free. While numerous studies have investigated specific cognitive, emotional or behavioural responses to service failure and recovery, these studies do not fully capture the complexity of the services encounter. Consequently, this research develops a more holistic understanding of how specific service recovery strategies affect the responses of customers by combining two existing models—Smith & Bolton’s (2002) model of emotional responses to service performance and Fullerton and Punj’s (1993) structural model of aberrant consumer behaviour—into a conceptual framework. Specific service recovery strategies are proposed to influence consumer cognition, emotion and behaviour. This research was conducted using a 2x2 between-subjects quasi-experimental design that was administered via written survey. The experimental design manipulated two levels of two specific service recovery strategies: compensation and apology. The effect of the four recovery strategies were investigated by collecting data from 18-25 year olds and were analysed using multivariate analysis of covariance and multiple regression analysis. The results suggest that different service recovery strategies are associated with varying scores of satisfaction, perceived distributive justice, positive emotions, negative emotions and negative functional behaviour, but not dysfunctional behaviour. These finding have significant implications for the theory and practice of managing service recovery.

Key performance indicators for measuring construction success

The construction industry is dynamic in nature. The concept of project success has remained ambiguously defined in the construction industry. Project success is almost the ultimate goal for every project. However, it means different things to different people. While some writers consider time, cost and quality as predominant criteria, others suggest that success is something more complex. The aim of this paper is to develop a framework for measuring success of construction projects. In this paper, a set of key performance indicators (KPIs), measured both objectively and subjectively are developed through a comprehensive literature review. The validity of the proposed KPIs is also tested by three case studies. Then, the limitations of the suggested KPIs are discussed. With the development of KPIs, a benchmark for measuring the performance of a construction project can be set. It also provides significant insights into developing a general and comprehensive base for further research.

Universally composable contributory group key exchange

We treat the security of group key exchange (GKE) in the universal composability (UC) framework. Analyzing GKE protocols in the UC framework naturally addresses attacks by malicious insiders. We define an ideal functionality for GKE that captures contributiveness in addition to other desired security goals. We show that an efficient two-round protocol securely realizes the proposed functionality in the random oracle model. As a result, we obtain the most efficient UC-secure contributory GKE protocol known.

Modeling key compromise impersonation attacks on group key exchange protocols

A key exchange protocol allows a set of parties to agree upon a secret session key over a public network. Two-party key exchange (2PKE) protocols have been rigorously analyzed under various models considering different adversarial actions. However, the analysis of group key exchange (GKE) protocols has not been as extensive as that of 2PKE protocols. Particularly, the security attribute of key compromise impersonation (KCI) resilience has so far been ignored for the case of GKE protocols. We first model the security of GKE protocols addressing KCI attacks by both outsider and insider adversaries. We then show that a few existing protocols are not secure even against outsider KCI attacks. The attacks on these protocols demonstrate the necessity of considering KCI resilience for GKE protocols. Finally, we give a new proof of security for an existing GKE protocol under the revised model assuming random oracles.

Protocol engineering for protection against denial-of-service attacks

Denial-of-service attacks (DoS) and distributed denial-of-service attacks (DDoS) attempt to temporarily disrupt users or computer resources to cause service un- availability to legitimate users in the internetworking system. The most common type of DoS attack occurs when adversaries °ood a large amount of bogus data to interfere or disrupt the service on the server. The attack can be either a single-source attack, which originates at only one host, or a multi-source attack, in which multiple hosts coordinate to °ood a large number of packets to the server. Cryptographic mechanisms in authentication schemes are an example ap- proach to help the server to validate malicious tra±c. Since authentication in key establishment protocols requires the veri¯er to spend some resources before successfully detecting the bogus messages, adversaries might be able to exploit this °aw to mount an attack to overwhelm the server resources. The attacker is able to perform this kind of attack because many key establishment protocols incorporate strong authentication at the beginning phase before they can iden- tify the attacks. This is an example of DoS threats in most key establishment protocols because they have been implemented to support con¯dentiality and data integrity, but do not carefully consider other security objectives, such as availability. The main objective of this research is to design denial-of-service resistant mechanisms in key establishment protocols. In particular, we focus on the design of cryptographic protocols related to key establishment protocols that implement client puzzles to protect the server against resource exhaustion attacks. Another objective is to extend formal analysis techniques to include DoS- resistance. Basically, the formal analysis approach is used not only to analyse and verify the security of a cryptographic scheme carefully but also to help in the design stage of new protocols with a high level of security guarantee. In this research, we focus on an analysis technique of Meadows' cost-based framework, and we implement DoS-resistant model using Coloured Petri Nets. Meadows' cost-based framework is directly proposed to assess denial-of-service vulnerabil- ities in the cryptographic protocols using mathematical proof, while Coloured Petri Nets is used to model and verify the communication protocols using inter- active simulations. In addition, Coloured Petri Nets are able to help the protocol designer to clarify and reduce some inconsistency of the protocol speci¯cation. Therefore, the second objective of this research is to explore vulnerabilities in existing DoS-resistant protocols, as well as extend a formal analysis approach to our new framework for improving DoS-resistance and evaluating the performance of the new proposed mechanism. In summary, the speci¯c outcomes of this research include following results; 1. A taxonomy of denial-of-service resistant strategies and techniques used in key establishment protocols; 2. A critical analysis of existing DoS-resistant key exchange and key estab- lishment protocols; 3. An implementation of Meadows's cost-based framework using Coloured Petri Nets for modelling and evaluating DoS-resistant protocols; and 4. A development of new e±cient and practical DoS-resistant mechanisms to improve the resistance to denial-of-service attacks in key establishment protocols.

The case for quantum key distribution

Quantum key distribution (QKD) promises secure key agreement by using quantum mechanical systems. We argue that QKD will be an important part of future cryptographic infrastructures. It can provide long-term confidentiality for encrypted information without reliance on computational assumptions. Although QKD still requires authentication to prevent man-in-the-middle attacks, it can make use of either information-theoretically secure symmetric key authentication or computationally secure public key authentication: even when using public key authentication, we argue that QKD still offers stronger security than classical key agreement.

Learning to reflect in the first year of legal education : the key to surviving legal education and legal practice

Lawyers and law students suffer significant rates of depression and substance abuse. This paper suggests that Law Schools have an obligation to assist students to develop the emotional intelligence necessary in order to cope with the stressful nature of legal practice. We draw on Schön’s discussion of the indeterminate zone of professional practice to suggest that reflective practice is the means by which students can become sufficiently emotionally intelligent to become balanced and happy lawyers. We suggest that incorporating reflective practice in intentional curriculum design in the first year of law is an effective first step in assisting students to develop the emotional intelligence necessary to survive the study and practice of law.

Harmonising procurement policy environment - identifying key themes towards the development of a conceptual model

Capital works procurement and its regulatory policy environment within a country can be complex entities. For example, by virtue of Australia’s governmental division between the Commonwealth, states and local jurisdictions and the associated procurement networks and responsibilities at each level, the tendering process is often convoluted. There are four inter-related key themes identified in the literature in relation to procurement disharmony, including decentralisation, risk & risk mitigation, free trade & competition, and tendering costs. This paper defines and discusses these key areas of conflict that adversely impact upon the business environments of industry through a literature review, policy analysis and consultation with capital works procurement stakeholders. The aim of this national study is to identify policy differences between jurisdictions in Australia, and ascertain whether those differences are a barrier to productivity and innovation. This research forms an element of a broader investigation with an aim of developing efficient, effective and nationally harmonised procurement systems. Keywords: capital works, procurement policy reform Acknowledgement: The research described in this paper carried out by the Australian Cooperative Research Centre for Construction Innovation.

What will the next buyer pay? the key to investing in property

Most investors look at the initial return (or yield) that they will receive from an investment property, but this is only part of the picture. The more important issue is what capital appreciation will be achieved. Unless an investment property will deliver substantial capital appreciation, it is unlikely to be a good investment in financial terms.

Strongly Secure Certificateless Key Agreement

We introduce a formal model for certificateless authenticated key exchange (CL-AKE) protocols. Contrary to what might be expected, we show that the natural combination of an ID-based AKE protocol with a public key based AKE protocol cannot provide strong security. We provide the first one-round CL-AKE scheme proven secure in the random oracle model. We introduce two variants of the Diffie-Hellman trapdoor the introduced by \cite{DBLP:conf/eurocrypt/CashKS08}. The proposed key agreement scheme is secure as long as each party has at least one uncompromised secret. Thus, our scheme is secure even if the key generation centre learns the ephemeral secrets of both parties.