On the provable security of an efficient RSA-based pseudorandom generator

Pseudorandom Generators (PRGs) based on the RSA inversion (one-wayness) problem have been extensively studied in the literature over the last 25 years. These generators have the attractive feature of provable pseudorandomness security assuming the hardness of the RSA inversion problem. However, despite extensive study, the most efficient provably secure RSA-based generators output asymptotically only at most O(logn) bits per multiply modulo an RSA modulus of bitlength n, and hence are too slow to be used in many practical applications. To bring theory closer to practice, we present a simple modification to the proof of security by Fischlin and Schnorr of an RSA-based PRG, which shows that one can obtain an RSA-based PRG which outputs Ω(n) bits per multiply and has provable pseudorandomness security assuming the hardness of a well-studied variant of the RSA inversion problem, where a constant fraction of the plaintext bits are given. Our result gives a positive answer to an open question posed by Gennaro (J. of Cryptology, 2005) regarding finding a PRG beating the rate O(logn) bits per multiply at the cost of a reasonable assumption on RSA inversion.

Security and Privacy in Vehicular Ad-Hoc Networks : Survey and the Road Ahead

Vehicular Ad-hoc Networks (VANETs) can make roads safer, cleaner, and smarter. It can offer a wide range of services, which can be safety and non-safety related. Many safety-related VANETs applications are real-time and mission critical, which would require strict guarantee of security and reliability. Even non-safety related multimedia applications, which will play an important role in the future, will require security support. Lack of such security and privacy in VANETs is one of the key hindrances to the wide spread implementations of it. An insecure and unreliable VANET can be more dangerous than the system without VANET support. So it is essential to make sure that “life-critical safety” information is secure enough to rely on. Securing the VANETs along with appropriate protection of the privacy drivers or vehicle owners is a very challenging task. In this work we summarize the attacks, corresponding security requirements and challenges in VANETs. We also present the most popular generic security policies which are based on prevention as well detection methods. Many VANETs applications require system-wide security support rather than individual layer from the VANETs’ protocol stack. In this work we will review the existing works in the perspective of holistic approach of security. Finally, we will provide some possible future directions to achieve system-wide security as well as privacy-friendly security in VANETs.

Security in wireless sensor networks : issues and challenges

Wireless Sensor Networks (WSNs) are employed in numerous applications in different areas including military, ecology, and health; for example, to control of important information like the personnel position in a building, as a result, WSNs need security. However, several restrictions such as low capability of computation, small memory, limited resources of energy, and the unreliable channels employ communication in using WSNs can cause difficulty in use of security and protection in WSNs. It is very essential to save WSNs from malevolent attacks in unfriendly situations. Such networks require security plan due to various limitations of resources and the prominent characteristics of a wireless sensor network which is a considerable challenge. This article is an extensive review about problems of WSNs security, which examined recently by researchers and a better understanding of future directions for WSN security.

Electronic conveyancing in Australia: Is anyone concerned about security?

Three proof requirements as essential for a sustainable land registration system. These were proof of identity, proof of ownership, and authority to deal. Our attention in this paper is drawn to the latter two requirements and will ask whether the introduction of the Property Exchange of Australia (PEXA), and its underpinning regulatory regime will meet the concerns that we have in relation to proof of ownership and authority to deal. In drawing out some problems with PEXA, we then offer an innovative idea, sourced from the transfer of equities that could serve to generate discussion on how we can ensure the Torrens system of land registration is sustainable for another 160 years.

A digital watermarking framework with application to medical image security

Dealing with digital medical images is raising many new security problems with legal and ethical complexities for local archiving and distant medical services. These include image retention and fraud, distrust and invasion of privacy. This project was a significant step forward in developing a complete framework for systematically designing, analyzing, and applying digital watermarking, with a particular focus on medical image security. A formal generic watermarking model, three new attack models, and an efficient watermarking technique for medical images were developed. These outcomes contribute to standardizing future research in formal modeling and complete security and computational analysis of watermarking schemes.

Women, peace and security as an ASEAN priority

The Association of South East Asian Nations (ASEAN) Secretariat and its member states have repeatedly professed their commitment to the protection and advancement of women’s economic and human rights. Such commitments have included the Declaration on the Advancement of Women in ASEAN in 1988, the ASEAN Declaration on the Elimination of Violence Against Women in 2004, and the ASEAN Declaration of Human Rights in 2012, as well as the establishment of the ASEAN Committee on Women in 2002 and the ASEAN Commission on the Promotion and Protection of Women and Children in 2009. However, none of these regional commitments or institutions expressly take up the core concern of the Women, Peace and Security (WPS) agenda set out in United Nations Security Council (UNSC) Resolution 1325 in 2000. ASEAN has no 1325 regional action plan and amongst the ASEAN membership, the Philippines is the only state that has adopted a 1325 National Action Plan (NAP). We explore the possible reasons for lack of ASEAN institutional engagement with 1325, outline the case for regional engagement, and suggest specific roles for ASEAN Secretariat, donor governments and individual member states to commit to UNSCR 1325 as a regional priority.

Security and the War on Terror

The terrorist attacks of 11 September 2001 marked a turning point in international politics, representing a new type of threat that could not easily be anticipated or prevented through state-based structures of security alone. Opening up interdisciplinary conversations between strategic, economic, ethical and legal approaches to global terrorism, this edited book recognises a fundamental issue: while major crises initially tend to reinforce old thinking and behavioural patterns, they also allow societies to challenge and overcome entrenched habits, thereby creating the foundations for a new and perhaps more peaceful future. This volume addresses the issues that are at stake in this dual process of political closure, and therefore rethinks how states can respond to terrorist threats. The contributors range from leading conceptual theorists to policy-oriented analysts, from senior academics to junior researchers. The book explores how terrorism has had a profound impact on how security is being understood and implemented, and uses a range of hitherto neglected sources of insight, such as those between political, economic, legal and ethical factors, to examine the nature and meaning of security in a rapidly changing world.

National security and pandemics

Pandemics are for the most part disease outbreaks that become widespread as a result of the spread of human-to-human infection. Beyond the debilitating, sometimes fatal, consequences for those directly affected, pandemics have a range of negative social, economic and political consequences. These tend to be greater where the pandemic is a novel pathogen, has a high mortality and/or hospitalization rate and is easily spread. According to Lee Jong-wook, former Director-General of the World Health Organization (WHO), pandemics do not respect international borders. Therefore, they have the potential to weaken many societies, political systems and economies simultaneously.

Electronic conveyancing in Australia : is anyone concerned about security?

We have previously suggested that three proof requirements are essential for a sustainable land registration system. These were proof of identity, proof of ownership and authority to deal. Our attention in this article is drawn to the security framework that surrounds these requirements. We will ask whether the introduction of the Property Exchange of Australia (PEXA), and its underpinning regulatory regime will meet the concerns that we have in relation to them. In drawing out some problems with PEXA, we then offer an innovative idea, sourced from the transfer of equities that could serve to generate discussion on how we can ensure the Torrens system of land registration is sustainable for another 160 years. We also canvass some more incremental suggestions that evolve out of what we currently do, as well as outlining some comparative externally sourced ideas as to how the transfer and ownership of land can be made safer for all citizens. Such a goal is imperative when land transfer and secure property ownership is a critical component of the economic infrastructure of a modern society.

Dataset validation within big data security architecture

In recent years, increasing focus has been made on making good business decisions utilizing the product of data analysis. With the advent of the Big Data phenomenon, this is even more apparent than ever before. But the question is how can organizations trust decisions made on the basis of results obtained from analysis of untrusted data? Assurances and trust that data and datasets that inform these decisions have not been tainted by outside agency. This study will propose enabling the authentication of datasets specifically by the extension of the RESTful architectural scheme to include authentication parameters while operating within a larger holistic security framework architecture or model compliant to legislation.

The security and privacy of usage policies and provenance logs in an Information Accountability Framework

The potential benefits of shared eHealth records systems are promising for the future of improved healthcare. However, the uptake of such systems is hindered by concerns over the security and privacy of patient information. The use of Information Accountability and so called Accountable-eHealth (AeH) systems has been proposed to balance the privacy concerns of patients with the information needs of healthcare professionals. However, a number of challenges remain before AeH systems can become a reality. Among these is the need to protect the information stored in the usage policies and provenance logs used by AeH systems to define appropriate use of information and hold users accountable for their actions. In this paper, we discuss the privacy and security issues surrounding these accountability mechanisms, define valid access to the information they contain, discuss solutions to protect them, and verify and model an implementation of the access requirements as part of an Information Accountability Framework.

Multi-ciphersuite security of the Secure Shell (SSH) protocol

The Secure Shell (SSH) protocol is widely used to provide secure remote access to servers, making it among the most important security protocols on the Internet. We show that the signed-Diffie--Hellman SSH ciphersuites of the SSH protocol are secure: each is a secure authenticated and confidential channel establishment (ACCE) protocol, the same security definition now used to describe the security of Transport Layer Security (TLS) ciphersuites. While the ACCE definition suffices to describe the security of individual ciphersuites, it does not cover the case where parties use the same long-term key with many different ciphersuites: it is common in practice for the server to use the same signing key with both finite field and elliptic curve Diffie--Hellman, for example. While TLS is vulnerable to attack in this case, we show that SSH is secure even when the same signing key is used across multiple ciphersuites. We introduce a new generic multi-ciphersuite composition framework to achieve this result in a black-box way.