National security and pandemics

Pandemics are for the most part disease outbreaks that become widespread as a result of the spread of human-to-human infection. Beyond the debilitating, sometimes fatal, consequences for those directly affected, pandemics have a range of negative social, economic and political consequences. These tend to be greater where the pandemic is a novel pathogen, has a high mortality and/or hospitalization rate and is easily spread. According to Lee Jong-wook, former Director-General of the World Health Organization (WHO), pandemics do not respect international borders. Therefore, they have the potential to weaken many societies, political systems and economies simultaneously.

1st International Workshop on Secure and Privacy-Aware Information Management in eHealth

Information security and privacy in the healthcare domain is a complex and challenging problem for computer scientists, social scientists, law experts and policy makers. Appropriate healthcare provision requires specialized knowledge, is information intensive and much patient information is of a particularly sensitive nature. Electronic health record systems provide opportunities for information sharing which may enhance healthcare services, for both individuals and populations. However, appropriate information management measures are essential for privacy preservation...

The rise and fall of the international law of maritime terrorism : the ghost of piracy is still hunting!

Maritime terrorism is a serious threat to global security. A major debate in this regard is the treating of acts of maritime terrorism as piracy by some scholars and a rejection of this view by others. Moreover, the international law of maritime terrorism suffers from fundamental definitional issues, much like the international law of terrorism. This article examines the current international law of maritime terrorism with a particular emphasis on the debate regarding the applicability of the international law of piracy in the case of maritime terrorism. It argues that the international law of piracy is not applicable in the enforcement and prosecution of maritime terrorists on the high seas. International treaties on terrorism and the post-September 11 developments relating to international laws on terrorism have created a workable international legal framework for combating maritime terrorism, despite some bottlenecks.

Dataset validation within big data security architecture

In recent years, increasing focus has been made on making good business decisions utilizing the product of data analysis. With the advent of the Big Data phenomenon, this is even more apparent than ever before. But the question is how can organizations trust decisions made on the basis of results obtained from analysis of untrusted data? Assurances and trust that data and datasets that inform these decisions have not been tainted by outside agency. This study will propose enabling the authentication of datasets specifically by the extension of the RESTful architectural scheme to include authentication parameters while operating within a larger holistic security framework architecture or model compliant to legislation.

The suffix-free-prefix-free hash function construction and its indifferentiability security analysis

In this paper, we observe that in the seminal work on indifferentiability analysis of iterated hash functions by Coron et al. and in subsequent works, the initial value (IV) of hash functions is fixed. In addition, these indifferentiability results do not depend on the Merkle–Damgård (MD) strengthening in the padding functionality of the hash functions. We propose a generic n -bit-iterated hash function framework based on an n -bit compression function called suffix-free-prefix-free (SFPF) that works for arbitrary IV s and does not possess MD strengthening. We formally prove that SFPF is indifferentiable from a random oracle (RO) when the compression function is viewed as a fixed input-length random oracle (FIL-RO). We show that some hash function constructions proposed in the literature fit in the SFPF framework while others that do not fit in this framework are not indifferentiable from a RO. We also show that the SFPF hash function framework with the provision of MD strengthening generalizes any n -bit-iterated hash function based on an n -bit compression function and with an n -bit chaining value that is proven indifferentiable from a RO.

Security Analysis of salt||password Hashes

Protection of passwords used to authenticate computer systems and networks is one of the most important application of cryptographic hash functions. Due to the application of precomputed memory look up attacks such as birthday and dictionary attacks on the hash values of passwords to find passwords, it is usually recommended to apply hash function to the combination of both the salt and password, denoted salt||password, to prevent these attacks. In this paper, we present the first security analysis of salt||password hashing application. We show that when hash functions based on the compression functions with easily found fixed points are used to compute the salt||password hashes, these hashes are susceptible to precomputed offline birthday attacks. For example, this attack is applicable to the salt||password hashes computed using the standard hash functions such as MD5, SHA-1, SHA-256 and SHA-512 that are based on the popular Davies-Meyer compression function. This attack exposes a subtle property of this application that although the provision of salt prevents an attacker from finding passwords, salts prefixed to the passwords do not prevent an attacker from doing a precomputed birthday attack to forge an unknown password. In this forgery attack, we demonstrate the possibility of building multiple passwords for an unknown password for the same hash value and salt. Interestingly, password||salt (i.e. salts suffixed to the passwords) hashes computed using Davies-Meyer hash functions are not susceptible to this attack, showing the first security gap between the prefix-salt and suffix-salt methods of hashing passwords.

Safety envelope for security

We present an approach for detecting sensor spoofing attacks on a cyber-physical system. Our approach consists of two steps. In the first step, we construct a safety envelope of the system. Under nominal conditions (that is, when there are no attacks), the system always stays inside its safety envelope. In the second step, we build an attack detector: a monitor that executes synchronously with the system and raises an alarm whenever the system state falls outside the safety envelope. We synthesize safety envelopes using a modified machine learning procedure applied on data collected from the system when it is not under attack. We present experimental results that show effectiveness of our approach, and also validate the several novel features that we introduced in our learning procedure.

2nd International Workshop on Secure and Privacy-Aware Information Management in eHealth

Information security and privacy in the healthcare domain is a complex and challenging problem for computer scientists, social scientists, law experts and policy makers. Appropriate healthcare provision requires specialized knowledge, is information intensive and much patient information is of a particularly sensitive nature. Electronic health record systems provide opportunities for information sharing which may enhance healthcare services, for both individuals and populations. However, appropriate information management measures are essential for privacy preservation...

International regulatory framework for food production and diversity

Stakeholders commonly agree that food systems need to be urgently reformed. Yet, how food systems should be reformed is extremely contested. Public international law and regulations are uniquely placed to influence and guide law, policy, programmes and action at regional, national and local levels. Although plenty of international legal instruments intersect with food-related issues, the international regulation of food systems is fragmented, understudied and contested. In order to address these issues, this paper maps and analyses the public international regulatory aspects of food production with a view to providing recommendations for reform. Accordingly, this paper brings together a variety of binding and non-binding international regulatory instruments that to varying degrees and from a range of angles deals with the first activity in the food system: food production. The following paper traces the regulatory tools from natural resources, to the farmers and farm workers that apply skill and experience, and finally to the different dimension of world trade in food. The various regulatory instruments identified, and their collective whole, will be analysed against a rights-based approach to food security.

The doomsday vault: Seed banks, food security, and climate change

"It could easily provide the back-drop for a James Bond movie. Deep inside a mountain near the North Pole, down a fortified tunnel, and behind airlocked doors in a vault frozen to -18 degrees Celsius, scientists are squirreling away millions of seed samples. The samples constitute the very foundation of agriculture, the biological diversity needed so the world's major food crops can adapt to the next pest or disease, or to climate change. It's little wonder that the Svalbard Global Seed Vault has captured the public's imagination more than almost any agricultural topic in recent years. Popular press reports about the ‘Doomsday Vault,’ however, typically mask the complexity of the endeavor and, if anything, underestimate its practical utility." Cary Fowler This chapter considers the use of seed banks to address concerns about intellectual property, climate change and food security. It has a number of themes. First of all, it is interested in the use of ‘Big Science’ projects to address pressing global scientific concerns and Millennium Development Goals. Second, it highlights the increasing use of banks as a means of managing both property and intellectual property across a wide range of fields of agriculture and biotechnology. Third, it considers the linkage of intellectual property, access to genetic resources and benefit sharing. There are a variety of positions in this debate. Some see requirements in respect of access to genetic resources and benefit sharing as an inconvenient burden for science and commerce. Others defend access to genetic resources and benefit sharing as meaningful and productive. Those inclined to somewhat more conspiratorial views suggest that access to genetic resources and benefit sharing are a ruse to facilitate biopiracy. This chapter has a number of components. Section I focuses upon the Consultative Group on International Agricultural Research (CGIAR) network – often raised as a model for Climate Innovation Centres. Section II considers the Svalbard Global Seed Vault – the so-called Doomsday Vault. After a consideration of the World Summit on Food Security in 2009, it is concluded in this chapter that any future international agreement on climate change needs to address intellectual property, plant genetic resources and food security.

Network security metrics and performance for healthcare systems management

While enhanced cybersecurity options, mainly based around cryptographic functions, are needed overall speed and performance of a healthcare network may take priority in many circumstances. As such the overall security and performance metrics of those cryptographic functions in their embedded context needs to be understood. Understanding those metrics has been the main aim of this research activity. This research reports on an implementation of one network security technology, Internet Protocol Security (IPSec), to assess security performance. This research simulates sensitive healthcare information being transferred over networks, and then measures data delivery times with selected security parameters for various communication scenarios on Linux-based and Windows-based systems. Based on our test results, this research has revealed a number of network security metrics that need to be considered when designing and managing network security for healthcare-specific or non-healthcare-specific systems from security, performance and manageability perspectives. This research proposes practical recommendations based on the test results for the effective selection of network security controls to achieve an appropriate balance between network security and performance

Social Security Programs Throughout the World: Asia and the Pacific, 2006

[Excerpt] This second issue in the current four-volume series of Social Security Programs Throughout the World reports on the countries of Asia and the Pacific. The combined findings of this series, which also includes volumes on Europe, Africa, and the Americas, are published at 6-month intervals over a 2-year period. Each volume highlights features of social security programs in the particular region. This guide serves as an overview of programs in all regions. A few political jurisdictions have been excluded because they have no social security system or have issued no information regarding their social security legislation. In the absence of recent information, national programs reported in previous volumes may also be excluded. In this volume on Asia and the Pacific, the data reported are based on laws and regulations in force in July 2006 or on the last date for which information has been received.1 Information for each country on types of social security programs, types of mandatory systems for retirement income, contribution rates, and demographic and other statistics related to social security is shown in Tables 1­4 at the end of the guide. The country summaries show each system's major features. Separate programs in the public sector and specialized funds for such groups as agricultural workers, collective farmers, or the self-employed have not been described in any detail. Benefit arrangements of private employers or individuals are not described in any detail, even though such arrangements may be mandatory in some countries or available as alternatives to statutory programs. The country summaries also do not refer to international social security agreements that may be in force between two or more countries. Those agreements may modify coverage, contributions, and benefit provisions of national laws summarized in the country write-ups. Since the summary format requires brevity, technical terms have been developed that are concise as well as comparable and are applied to all programs. The terminology may therefore differ from national concepts or usage.

Global banana disease management - getting serious with sustainability and food security

Much research in understanding plant diseases has been undertaken, but there has been insufficient attention given to dealing with coordinated approaches to preventing and managing diseases. A global management approach is essential to the long-term sustainability of banana production. This approach would involve coordinated surveys, capacity building in developing countries, development of disease outbreak contingency plans and coordinated quarantine awareness, including on-line training in impact risk assessment and web-based diagnostic software. Free movement of banana plants and products between some banana-producing countries is causing significant pressure on the ability to manage diseases in banana. The rapid spread of Fusarium oxysporum f. sp. cubense 'tropical race 4' in Asia, bacterial wilts in Africa and Asia and black leaf streak [Mycosphaerella fijiensis] in Brazil and elsewhere are cases in point. The impact of these diseases is devastating, severely cutting family incomes and jeopardising food security around the globe. Agreements urgently need to be reached between governments to halt the movement of banana plants and products between banana-producing countries before it is too late and global food security is irreparably harmed. Black leaf streak, arguably the most serious banana disease, has become extremely difficult to control in commercial plantations in various parts of the world. Sometimes in excess of 50 fungicide sprays have to be applied each year. Disease eradication and effective disease control is not possible because there is no control of disease inoculum in non-commercial plantings in these locations. Additionally, there have been enormous sums of money invested in international banana breeding programmes over many years only to see the value of hybrid products lost too soon. 'Goldfinger' (AAAB, syn. 'FHIA-01'), for example, has recently been observed severely affected by black leaf streak in Samoa. Resistant cultivars alone cannot be relied upon in the fight against this disease. Real progress in control may only come when the local communities are engaged and become actively involved in regional programmes. Global recommendations are long overdue and urgently needed to help ensure the long-term sustainable utilisation of the products of the breeding programmes.