Crypto topics and applications II

In this chapter we continue the exposition of crypto topics that was begun in the previous chapter. This chapter covers secret sharing, threshold cryptography, signature schemes, and finally quantum key distribution and quantum cryptography. As in the previous chapter, we have focused only on the essentials of each topic. We have selected in the bibliography a list of representative items, which can be consulted for further details. First we give a synopsis of the topics that are discussed in this chapter. Secret sharing is concerned with the problem of how to distribute a secret among a group of participating individuals, or entities, so that only predesignated collections of individuals are able to recreate the secret by collectively combining the parts of the secret that were allocated to them. There are numerous applications of secret-sharing schemes in practice. One example of secret sharing occurs in banking. For instance, the combination to a vault may be distributed in such a way that only specified collections of employees can open the vault by pooling their portions of the combination. In this way the authority to initiate an action, e.g., the opening of a bank vault, is divided for the purposes of providing security and for added functionality, such as auditing, if required. Threshold cryptography is a relatively recently studied area of cryptography. It deals with situations where the authority to initiate or perform cryptographic operations is distributed among a group of individuals. Many of the standard operations of single-user cryptography have counterparts in threshold cryptography. Signature schemes deal with the problem of generating and verifying electronic) signatures for documents.Asubclass of signature schemes is concerned with the shared-generation and the sharedverification of signatures, where a collaborating group of individuals are required to perform these actions. A new paradigm of security has recently been introduced into cryptography with the emergence of the ideas of quantum key distribution and quantum cryptography. While classical cryptography employs various mathematical techniques to restrict eavesdroppers from learning the contents of encrypted messages, in quantum cryptography the information is protected by the laws of physics.

A new human identification protocol and Coppersmith's baby-step giant-step algorithm

We propose a new protocol providing cryptographically secure authentication to unaided humans against passive adversaries. We also propose a new generic passive attack on human identification protocols. The attack is an application of Coppersmith’s baby-step giant-step algorithm on human identification protcols. Under this attack, the achievable security of some of the best candidates for human identification protocols in the literature is further reduced. We show that our protocol preserves similar usability while achieves better security than these protocols. A comprehensive security analysis is provided which suggests parameters guaranteeing desired levels of security.

Threshold privacy preserving keyword searches

We consider the following problem: users of an organization wish to outsource the storage of sensitive data to a large database server. It is assumed that the server storing the data is untrusted so the data stored have to be encrypted. We further suppose that the manager of the organization has the right to access all data, but a member of the organization can not access any data alone. The member must collaborate with other members to search for the desired data. In this paper, we investigate the notion of threshold privacy preserving keyword search (TPPKS) and define its security requirements. We construct a TPPKS scheme and show the proof of security under the assumptions of intractability of discrete logarithm, decisional Diffie-Hellman and computational Diffie-Hellman problems.

Human errors in computer related abuses

The term “Human error” can simply be defined as an error which made by a human. In fact, Human error is an explanation of malfunctions, unintended consequents from operating a system. There are many factors that cause a person to have an error due to the unwanted error of human. The aim of this paper is to investigate the relationship of human error as one of the factors to computer related abuses. The paper beings by computer-relating to human errors and followed by mechanism mitigate these errors through social and technical perspectives. We present the 25 techniques of computer crime prevention, as a heuristic device that assists. A last section discussing the ways of improving the adoption of security, and conclusion.

A policy model for access control using building information models

Building information models have created a paradigm shift in how buildings are built and managed by providing a dynamic repository for building data that is useful in many new operational scenarios. This change has also created an opportunity to use building information models as an integral part of security operations and especially as a tool to facilitate fine-grained access control to building spaces in smart buildings and critical infrastructure environments. In this paper, we identify the requirements for a security policy model for such an access control system and discuss why the existing policy models are not suitable for this application. We propose a new policy language extension to XACML, with BIM specific data types and functions based on the IFC specification, which we call BIM-XACML.

An efficient and robust system for multi-person event detection in real world indoor surveillance scenes

Due to the popularity of security cameras in public places, it is of interest to design an intelligent system that can efficiently detect events automatically. This paper proposes a novel algorithm for multi-person event detection. To ensure greater than real-time performance, features are extracted directly from compressed MPEG video. A novel histogram-based feature descriptor that captures the angles between extracted particle trajectories is proposed, which allows us to capture motion patterns of multi-person events in the video. To alleviate the need for fine-grained annotation, we propose the use of Labelled Latent Dirichlet Allocation, a “weakly supervised” method that allows the use of coarse temporal annotations which are much simpler to obtain. This novel system is able to run at approximately ten times real-time, while preserving state-of-theart detection performance for multi-person events on a 100-hour real-world surveillance dataset (TRECVid SED).

Are Australian homes liveable and adaptable for Muslim families? - Six case studies in Brisbane

This paper investigates how Muslims living in Brisbane live within their current Australian homes and the liveability and adaptability of these homes from the perspective of home dwellers with respect to their Islamic faiths, cultural traditions and lifestyle. A qualitative case study approach was used to gather information about Muslims’ use of domestic spaces through their lived experiences, within an Australian context. Six participants were interviewed, including: a) three Muslim families residing in one suburb of Brisbane, and; b) three international Muslim students living in three different Brisbane suburbs. These cases indicate that apart from minor difficulties, case study participants were able to perform their daily activities within their current homes through various adaptations made to ensure their respective domestic domains provided their families with privacy and a sense of security and safety. Insight gained from these cases suggest the need for more research into the homes of Muslims homes within an Australian context and the development of culturally adaptable housing as a means of meeting the diverse needs of modern Australian multicultural society.

Never at Home? Migrants Between Societies

This chapter explores the dialectic meaning of ‘home’, and movement away from home. Movement away from home – migration – is characterized as a dynamic, dialectic, and developmental experience. We emphasize the sense of being at home and the intertwined sense of identity as interlinked and mutually defining anchors of our existence that become inevitably shaken and ruptured in the experience of migration. But when looking at how this rupture is experienced and managed, we highlight the inherently complex and dialectic nature of migration, instead of seeing it as a unidirectional sequence of rupture → shock → coping → new stable being. We discuss the complexities of migration experiences as entailing dialectics of home and non-home, rupture and continuity, novelty and everydayness, changing and remaining. The sense of being at home is simultaneously enabling and constraining, helping us to build self-continuity in a new environment, yet also holding us back and distancing us from novelty. Similarly, migration is a threat, yet also a promise; it is a painful, yet possibly exhilarating experience that makes us lose our centre of security and familiarity, yet also opens up opportunities for transformation and re-invention.

Post-quantum key exchange for the TLS protocol from the ring learning with errors problem

Lattice-based cryptographic primitives are believed to offer resilience against attacks by quantum computers. We demonstrate the practicality of post-quantum key exchange by constructing cipher suites for the Transport Layer Security (TLS) protocol that provide key exchange based on the ring learning with errors (R-LWE) problem, we accompany these cipher suites with a rigorous proof of security. Our approach ties lattice-based key exchange together with traditional authentication using RSA or elliptic curve digital signatures: the post-quantum key exchange provides forward secrecy against future quantum attackers, while authentication can be provided using RSA keys that are issued by today's commercial certificate authorities, smoothing the path to adoption. Our cryptographically secure implementation, aimed at the 128-bit security level, reveals that the performance price when switching from non-quantum-safe key exchange is not too high. With our R-LWE cipher suites integrated into the Open SSL library and using the Apache web server on a 2-core desktop computer, we could serve 506 RLWE-ECDSA-AES128-GCM-SHA256 HTTPS connections per second for a 10 KiB payload. Compared to elliptic curve Diffie-Hellman, this means an 8 KiB increased handshake size and a reduction in throughput of only 21%. This demonstrates that provably secure post-quantum key-exchange can already be considered practical.

A strong lightweight authentication protocol for low-cost RFID systems

RFID is an important technology that can be used to create the ubiquitous society. But an RFID system uses open radio frequency signal to transfer information and this leads to pose many serious threats to its privacy and security. In general, the computing and storage resources in an RFID tag are very limited and this makes it difficult to solve its secure and private problems, especially for low-cost RFID tags. In order to ensure the security and privacy of low-cost RFID systems we propose a lightweight authentication protocol based on Hash function. This protocol can ensure forward security and prevent information leakage, location tracing, eavesdropping, replay attack and spoofing. This protocol completes the strong authentication of the reader to the tag by twice authenticating and it only transfers part information of the encrypted tag’s identifier for each session so it is difficult for an adversary to intercept the whole identifier of a tag. This protocol is simple and it takes less computing and storage resources, it is very suitable to some low-cost RFID systems.

GRDB: A general purpose relational database system

This article discusses the design and development of GRDB (General Purpose Relational Data Base System) which has been implemented on a DEC-1090 system in Pascal. GRDB is a general purpose database system designed to be completely independent of the nature of data to be handled, since it is not tailored to the specific requirements of any particular enterprise. It can handle different types of data such as variable length records and textual data. Apart from the usual database facilities such as data definition and data manipulation, GRDB supports User Definition Language (UDL) and Security definition language. These facilities are provided through a SEQUEL-like General Purpose Query Language (GQL). GRDB provides adequate protection facilities up to the relation level. The concept of “security matrix” has been made use of to provide database protection. The concept of Unique IDentification number (UID) and Password is made use of to ensure user identification and authentication. The concept of static integrity constraints has been used to ensure data integrity. Considerable efforts have been made to improve the response time through indexing on the data files and query optimisation. GRDB is designed for an interactive use but alternate provision has been made for its use through batch mode also. A typical Air Force application (consisting of data about personnel, inventory control, and maintenance planning) has been used to test GRDB and it has been found to perform satisfactorily.

Continuous after-the-fact leakage-resilient eCK-secure key exchange

Security models for two-party authenticated key exchange (AKE) protocols have developed over time to capture the security of AKE protocols even when the adversary learns certain secret values. Increased granularity of security can be modelled by considering partial leakage of secrets in the manner of models for leakage-resilient cryptography, designed to capture side-channel attacks. In this work, we use the strongest known partial-leakage-based security model for key exchange protocols, namely continuous after-the-fact leakage eCK (CAFL-eCK) model. We resolve an open problem by constructing the first concrete two-pass leakage-resilient key exchange protocol that is secure in the CAFL-eCK model.

Hospital-related fears and coping strategies in 4-6-year-old children

There is only little information available on the 4-6-year-old child s hospital-related fears, and on the coping with such fears, as expressed by the children themselves. However, previous data collected from parents and hospital personnel indicate that hospitalization is an anxiety-producing experience for young children. The purpose of this study was to describe the experience of hospital-related fears and the experience of coping with hospital-related fears of 4-6-year-old children. The aim of this study was to form a descriptive model of the subjective experience of hospital-related fears and coping strategies of 4-6-year old children. The data were collected by interviewing 4-6-year-old children from a hospital and kindergarten settings in Finland from 2004 to 2006. Ninety children were interviewed in order to describe the hospital-related fear and the experience of fear, and 89 to describe their coping with the fear and the experience of coping. The children were chosen through purposive sampling. The data were gathered by semi-structured interview, supported by pictures. The data about hospital-related fears and on strategies for coping with hospital-related fears were reviewed by qualitative and quantitative methods. The experience of hospital-related fears and coping with these fears were analyzed using Colaizzi s Method of Phenomenological Analysis. The results revealed that more than 90 % of the children said they were afraid of at least one thing in hospital. Most of the fears could be categorized as nursing interventions, fears of being a patient, and fears caused by the developmental stage of the child. Children interviewed in the hospital expressed substantially more fears than children interviewed in kindergarten. Children s meanings of hospital-related fears were placed into four main clusters: 1) insecurity, 2) injury, 3) helplessness, 4) and rejection. The results also showed that children have plenty of coping strategies, to deal with their fears, especially such strategies in which the children themselves play an active role. Most often mentioned coping strategies were 1) the presence of parents and other family members, 2) the help of the personnel, 3) positive images and humour, 4) play, and 5) the child s own safety toy. The children interviewed in the hospital mentioned statistically significantly more often play, positive imagination and humour as their coping strategy than children interviewed in kindergarten. The meaning of coping with hospital fears consisted of six clusters: pleasure, security, care, understanding the meaning of the situation participating, and protecting oneself. Being admitted to a hospital is an event which may increase the fears of a 4-6-year-old child. Children who have personal experience of being admitted to a hospital describe more fears than healthy children in kindergarten. For young children, hospital-related fear can be such a distressing experience that it reflects on their feelings of security and their behaviour. Children can sometimes find it difficult to admit their fear. Children need the help of adults to express their hospital-related fears, the objects of the fears, and to cope with the fears. Personnel should be aware of children s fears and support them in the use of coping strategies. In addition to the experiences of security and care, pre-school-aged children need active coping strategies that they can use themselves, regardless of the presence of the parents or nurses. Most of all, children need the possibility to play and experience pleasure. Children can also be taught coping strategies which give them an active, positive role.

Deterministic schemes for key distribution in wireless sensor networks

In this paper, we propose a new security metric for measuring resilience of a symmetric key distribution scheme in wireless sensor network. A polynomial-based and a novel complete connectivity schemes are proposed and an analytical comparison, in terms of security and connectivity, between the schemes is shown. Motivated by the schemes, we derive general expressions for security and connectivity. A number of conclusions are made using these general expressions.

Basic Human Values in the Workplace

Työntekijöiden henkilökohtaisia arvoja ja niiden yhteyksiä asenteisiin ei ole juuri tutkittu. Tämän tutkimuksen tavoitteena oli selvittää, onko suomalaisessa metalliteollisuuden yrityksen henkilöstön (N=1314) arvojen rakenne S. H. Schwartzin arvoteorian mukainen. Lisäksi tutkittiin arvojen yhteyksiä organisaatiomuutosta koskeviin asenteisiin ja tiedon jakamiseen työyhteisössä. Arvomittarina käytettiin uutta 40-osioista Portrait Value Questionnairea (PVQ). Mittarin validiteetti osoitettiin ver-taamalla nyt kerätyn aineiston arvorakennetta aikaisemmalla mittarilla kerättyihin arvoteorian mukaisiin yliopisto-opiskelijoiden vastauksiin. Organisaatiomuutosta koskevien asenteiden ja tiedonjakamisen mittarit luotiin laadullisissa esitutkimuksissa. Tilastolliset analyysit osoittivat, että toimihenkilöiden ja työntekijöiden arvojen rakenteet noudattivat pääosin Schwartzin teoriaa, mutta turvallisuusarvot sijaitsivat molemmissa ryhmissä universalismin ja hyväntahtoisuuden joukossa. Universalismi ja hyväntahtoisuus ennustivat myönteistä asennetta organisaatiomuutoksia kohtaan, mutta perinteiden ja mielihyvän arvostaminen liittyivät kielteisiin muutosasenteisiin. Sosiaalisia normeja kunnioittavien eli yhdenmukaisuutta arvostavien henkilöiden muut arvot vaikuttivat muutosasenteisiin vähemmän kuin niillä, joille yhdenmukaisuus ei ollut tärkeää. Lisäksi suoriutumisarvon yhteys muutosasenteisiin oli yhdenmukaisuutta arvostavilla henkilöillä positiivinen, mutta niillä, jotka eivät arvostaneet yhdenmukaisuutta, yhteys oli negatiivinen. Itseohjautuvuutta arvostavat henkilöt pitivät työyhteisönsä tiedon jakamista heikompana, kun taas hyväntahtoisuutta ja yhdenmukaisuutta arvostavat pitivät sitä muihin nähden parempana. Suoriutumisarvo oli yhteydessä tiedonjakamiseen vain silloin, kun yhdenmukaisuus oli tärkeää. Työpaikkojen (N=19) keskiarvoja vertailtaessa havaittiin, että ne työpaikat, joissa arvostettiin paljon universalismia, hyväntahtoisuutta ja yhdenmukaisuutta sekä vähän valtaa ja suoriutumista saivat henkilöstöltään parhaat arvioinnit tiedon jakamisesta. Tutkimukseen osallistuneet henkilöt jaettiin työtehtäviensä perusteella kolmeen ammatilliseen ympäristöön: konven-tionaaliseen (mm. taloushallinto), realistiseen (mm. tuotanto) ja yrittäjämäiseen (mm. myynti). Yrittäjämäisessä ammatillisessa ympäristössä toimivat arvostivat enemmän kuin konventionaalisessa ympäristössä toimivat valtaa, itseohjautuvuutta ja suoriutumista. Realistisessa ympäristössä arvostettiin enemmän perinteitä ja mielihyvää kuin yrittäjämäisessä ympäristössä. Ryhmien väliset erot arvoissa johtuivat koulutuksesta, iästä ja sukupuolijakaumasta.