978 results for financial security
Abstract:
The increasing growth in the use of Hardware Security Modules (HSMs) for identification and authentication of a security endpoint has raised numerous privacy and security concerns. HSMs have the ability to tie a system or an object, along with its users, to the physical world. However, this enables tracking of the user and/or an object associated with the HSM. Current systems do not adequately address these privacy needs and as such are susceptible to various attacks. In this work, we analyse various security and privacy concerns that arise when deploying such hardware security modules and propose a system that allows users to create pseudonyms from a trusted master public-secret key pair. The proposed system is based on the intractability of factoring and of finding square roots of a quadratic residue modulo a composite number, where the composite number is a product of two large primes. Along with the standard notion of protecting the privacy of a user, the proposed system offers colligation between seemingly independent pseudonyms. This new property, when combined with HSMs that store the master secret key, is extremely beneficial to a user, as it offers a convenient way to generate a large number of pseudonyms using relatively small storage requirements.
Abstract:
Recently a new human authentication scheme called PAS (predicate-based authentication service) was proposed, which does not require the assistance of any supplementary device. The main security claim of PAS is to resist passive adversaries who can observe the whole authentication session between the human user and the remote server. In this paper we show that PAS is insecure against both brute force attack and a probabilistic attack. In particular, we show that its security against brute force attack was strongly overestimated. Furthermore, we introduce a probabilistic attack, which can break part of the password even with a very small number of observed authentication sessions. Although the proposed attack cannot completely break the password, it can downgrade the PAS system to a much weaker system similar to common OTP (one-time password) systems.
Abstract:
This paper provides a detailed description of the current Australian e-passport implementation and makes a formal verification using the model checking tools CASPER/CSP/FDR. We highlight security issues present in the current e-passport implementation and identify new threats when an e-passport system is integrated with an automated processing system like SmartGate. Because the current e-passport specification does not provide adequate security goals, to perform a rational security analysis we identify and describe a set of security goals for evaluation of e-passport protocols. Our analysis confirms existing security issues that were previously informally identified and presents weaknesses that exist in the current e-passport implementation.
Abstract:
The house advantage for Baccarat is known, hence the theoretical win can be determined. What is impractical to theoretically determine is the frequency and financial implications of extreme events, for example, prolonged winning streaks coupled with various betting patterns. The simulation herein provides such granularity. We explore the effect of following the ‘hot hand’, that is, rapidly escalating bets when players are on a winning streak. To minimize their exposure, casino management sets a table bet maximum as well as a table differential. These figures can and do serve as a means to differentiate one casino from another. As the allowable bet maximum increases so does the total amount bet, which increases the theoretical winnings, thus suggesting that a high bet limit and differential is beneficial for the house. However, the greater are these amounts, the greater the number of shoes that end with players losing relative to a constant betting scenario (the number of times a player wins at all can drop from ~47% of the time to less than a quarter); but there will, on occasion, be more extreme payouts to players. This simulation is therefore intended to help casino managers set betting limits that maximize total winnings while bearing in mind both the likelihood and magnitude of negative outcomes to the casino.
Abstract:
The final report for the ARC project "Airports of the Future". It contains the findings and recommendations provided by the various teams to the industry partners.
Abstract:
In September-December 2012, 548 financial planning retail clients and 77 financial advisers responded to online surveys addressing consumer satisfaction with financial planning services and the provision of information concerning regulatory and rights issues. Retail clients commented on areas related to the best interests duty in s 961B of the Corporations Act 2001 (Cth), in particular the extent to which advisers considered their clients’ financial objectives and lifestyle situations, and the client-centredness of the financial advice they received. Retail clients also indicated their level of awareness of their substantive rights in relation to receiving advice, the legal obligations imposed on advisers, and whether they would access internal and external complaints processes if warranted. Advisers reported on the extent to which they provide clients with information relating to their substantive rights, and complaints processes available to them. Responses were analysed in relation to client demographics (e.g., age, gender, education), and experience of financial advice. This article reports on the findings of the surveys and their implications for financial planners.
Abstract:
Security protocols are designed to provide security properties (goals). They achieve their goals using cryptographic primitives such as key agreement or hash functions. Security analysis tools are used to verify whether a security protocol achieves its goals or not. The properties analysed by specific-purpose tools are predefined properties such as secrecy (confidentiality), authentication or non-repudiation. There are also security goals that are defined by the user in systems with security requirements. Analysis of these properties is possible with general-purpose analysis tools such as Coloured Petri Nets (CPN). This research analyses two security properties that are defined in a protocol that is based on the Trusted Platform Module (TPM). The analysed protocol is proposed by Delaune to use TPM capabilities and secrets in order to open only one secret from two submitted secrets to a recipient
Abstract:
INTRODUCTION Globally, one-third of food production is lost annually due to negligent authorities. India alone loses some 21 million tonnes of wheat per year even while it has 200 million food-insecure people in the nation. Disturbingly provocative as it may sound, it is amazing how national and international institutions and governments make use of human hunger for their own survival (Raghib 2013). The global food system is increasingly insecure. Challenges to long-term global food security are encapsulated by resource scarcity, environmental degradation, biodiversity loss, climate change, reductions of farm labour and a growing world population. These issues are caused and aggravated by the spread of corporatised and monopolised food systems, dietary change, and urbanisation. These factors have rapidly brought food insecurity under the umbrella of unconventional security threats (Heukelom 2011). For some, humanitarian crises associated with food insecurity, or what has been dubbed ‘the silent tsunami’, is a pending peril, notably for the world’s poorest and most vulnerable people. For others, the food production industry is an emerging market with unprecedented profits. Despite this problem of food scarcity we are witnessing extraordinary ‘food wastage’, notably in North America and Europe, on a scale that would reportedly be capable of feeding the world’s hungry six times over (Stuart 2012). As the opening quotation to this chapter suggests, governments and corporations are deeply involved in the contexts, politics, and resources associated with food related issues. As many economically developed and advanced industrial nations are reporting a rise out of recession, announcements are made by the world’s richest countries that they are to cut $US2 billion per year from food aid. The head of the World Food Aid Programme, Rosette Sheeran, warns that such cuts could result in ‘the loss of a generation’ (Walters 2011). 
The global food crisis has also reinvigorated debates about agricultural development and genetically modified (GM) food; as well as fuelling debates about poverty, debt and security. This chapter provides a discussion of the political economy of global food debates and explores the threats and opportunities surrounding food production and future food security.
Abstract:
This paper considers the potential for profit within state-owned enterprises [SOEs] as part of the privatisation debate, through an examination of New Zealand’s SOE sector from 2006 to 2010, extending and comparing findings of an earlier study from 2001 to 2005.
Abstract:
In 1993 the Auditing Practices Board issued an expanded audit report, SAS 600 Auditors’ Reports on Financial Statements, in an attempt to educate users and to clarify certain matters pertaining to the audit function. This paper investigates the extent to which the new audit report, SAS 600, has been successful in aligning the views of auditors, preparers and users about issues dealt with in the expanded audit report, and the extent to which the three groups considered that it would be useful for additional matters, including corporate governance, to be reported upon by the auditor. Our findings suggest that SAS 600 has been successful in clarifying the purpose of the audit and the respective responsibilities of auditors and directors. However, to meet the expectations of users and to add more value, the audit report needs to provide more information about the findings of the audit.
Abstract:
International Relations’ engagement with global health governance has proliferated in the last decade. There are a number of excellent works that seek to understand how the relationship between politics and health shapes and informs people’s lives and governments’ policies. However, the overt securitization of health by the IR field has, Biosecurity interventions argues, remained relatively unproblematized...
Abstract:
Distributed Network Protocol Version 3 (DNP3) is the de facto communication protocol for power grids. Standard-based interoperability among devices has made the protocol useful to other infrastructures such as water, sewage, oil and gas. DNP3 is designed to facilitate interaction between master stations and outstations. In this paper, we apply a formal modelling methodology called Coloured Petri Nets (CPN) to create an executable model representation of the DNP3 protocol. The model facilitates the analysis of the protocol to ensure that the protocol will behave as expected. Also, we illustrate how to verify and validate the behaviour of the protocol, using the CPN model and the corresponding state space tool to determine if there are insecure states. With this approach, we were able to identify a Denial of Service (DoS) attack against the DNP3 protocol.