Civil-Military Relations in Croatia: Politicisation and Politics of Reform.

This article argues that since 2000 successive Croatian governments have shown themselves increasingly dedicated to reforming civil-military relations. However, their efforts have been hampered by four key obstacles. First, the need to implement defence reforms in the context of an unwieldy set of civil-military relationships, political and institutional rivalries, a lack of civil and military defence expertise and a continuing legacy of politicisation. Second, the need to cut defence spending as a proportion of the overall budget whilst taking on new military roles and improving the capability of the armed forces. Third, the need to balance the demands of the NATO accession process while implementing a balanced and fundamental reform of the armed forces as a whole. Finally, the need to implement root and branch personnel reforms and downsizing in the OSRH while simultaneously recruiting and retaining quality personnel and addressing the wider social issue of unemployment.

Identifying critical components during information security evaluations

Electronic communications devices intended for government or military applications must be rigorously evaluated to ensure that they maintain data confidentiality. High-grade information security evaluations require a detailed analysis of the device's design, to determine how it achieves necessary security functions. In practice, such evaluations are labour-intensive and costly, so there is a strong incentive to find ways to make the process more efficient. In this paper we show how well-known concepts from graph theory can be applied to a device's design to optimise information security evaluations. In particular, we use end-to-end graph traversals to eliminate components that do not need to be evaluated at all, and minimal cutsets to identify the smallest group of components that needs to be evaluated in depth.

Fault evaluation for security-critical communications devices

Communications devices for government or military applications must keep data secure, even when their electronic components fail. Combining information flow and risk analyses could make fault-mode evaluations for such devices more efficient and cost-effective.

Taming the tigers? Reforming the security sector in Southeast Asia

Despite global trends towards military reform characterized by processes of professionalization and democratization, militaries in Southeast Asia have continued to play prominent roles in domestic politics since 11 September. This suggests that wider patterns of global military reform have not had as great an impact on the control, capacity and cooperative functions of armed forces in Southeast Asia as they may have elsewhere. In order to explore why the security sector reform agenda has had so little impact in the region, we investigate recent patterns of civil-military relations in Southeast Asia by focusing on the experiences of four of the region's militaries: Malaysia, Thailand, the Philippines and Indonesia. We argue that the security sector reform agenda is informed by a predominantly North American approach to civil-military relations based on a number of core assumptions that do not reflect Southeast Asian experiences. Hence, we ask whether the reform agenda itself could be modified to better suit the Southeast Asian context. We suggest that although the regional military sector has not reformed along a 'Western' path it is nonetheless possible to see other types of, and potential for, reform.

Security and reliability of LPDC based public-key cryptosystems

Security and reliability of LDPC based public-key cryptosystems are discussed and analysed. We study attacks on the cryptosystem when partial knowledge of one or more of the private key components and/or of the plaintext have been acquired.

Cryptographic techniques for personal communication systems security

The advent of personal communication systems within the last decade has depended upon the utilization of advanced digital schemes for source and channel coding and for modulation. The inherent digital nature of the communications processing has allowed the convenient incorporation of cryptographic techniques to implement security in these communications systems. There are various security requirements, of both the service provider and the mobile subscriber, which may be provided for in a personal communications system. Such security provisions include the privacy of user data, the authentication of communicating parties, the provision for data integrity, and the provision for both location confidentiality and party anonymity. This thesis is concerned with an investigation of the private-key and public-key cryptographic techniques pertinent to the security requirements of personal communication systems and an analysis of the security provisions of Second-Generation personal communication systems is presented. Particular attention has been paid to the properties of the cryptographic protocols which have been employed in current Second-Generation systems. It has been found that certain security-related protocols implemented in the Second-Generation systems have specific weaknesses. A theoretical evaluation of these protocols has been performed using formal analysis techniques and certain assumptions made during the development of the systems are shown to contribute to the security weaknesses. Various attack scenarios which exploit these protocol weaknesses are presented. The Fiat-Sharmir zero-knowledge cryptosystem is presented as an example of how asymmetric algorithm cryptography may be employed as part of an improved security solution. Various modifications to this cryptosystem have been evaluated and their critical parameters are shown to be capable of being optimized to suit a particular applications. The implementation of such a system using current smart card technology has been evaluated.

Exploiting sensitivity of nonorthogonal joint diagonalisation as a security mechanism in steganography

We have recently proposed the framework of independent blind source separation as an advantageous approach to steganography. Amongst the several characteristics noted was a sensitivity to message reconstruction due to small perturbations in the sources. This characteristic is not common in most other approaches to steganography. In this paper we discuss how this sensitivity relates the joint diagonalisation inside the independent component approach, and reliance on exact knowledge of secret information, and how it can be used as an additional and inherent security mechanism against malicious attack to discovery of the hidden messages. The paper therefore provides an enhanced mechanism that can be used for e-document forensic analysis and can be applied to different dimensionality digital data media. In this paper we use a low dimensional example of biomedical time series as might occur in the electronic patient health record, where protection of the private patient information is paramount.

EU governance of the internet:analyzing Europol’s role in the development of a EU cyber crime and cyber security policies

In recent years, the European Union has come to view cyber security, and in particular, cyber crime as one of the most relevant challenges to the completion of its Area of Freedom, Security and Justice. Given European societies’ increased reliance on borderless and decentralized information technologies, this sector of activity has been identified as an easy target for actors such as organised criminals, hacktivists or terrorist networks. Such analysis has been accompanied by EU calls to step up the fight against unlawful online activities, namely through increased cooperation among law enforcement authorities (both national and extra- communitarian), the approximation of legislations, and public- private partnerships. Although EU initiatives in this field have, so far, been characterized by a lack of interconnection and an integrated strategy, there has been, since the mid- 2000s, an attempt to develop a more cohesive and coordinated policy. An important part of this policy is connected to the activities of Europol, which have come to assume a central role in the coordination of intelligence gathering and analysis of cyber crime. The European Cybercrime Center (EC3), which will become operational within Europol in January 2013, is regarded, in particular, as a focal point of the EU’s fight against this phenomenon. Bearing this background in mind, the present article wishes to understand the role of Europol in the development of a European policy to counter the illegal use of the internet. The article proposes to reach this objective by analyzing, through the theoretical lenses of experimental governance, the evolution of this agency’s activities in the area of cyber crime and cyber security, its positioning as an expert in the field, and the consequences for the way this policy is currently developing and is expected to develop in the near future.

Product cipher negotiation with on-line evaluation for private communication over computer networks

A method is proposed to offer privacy in computer communications, using symmetric product block ciphers. The security protocol involved a cipher negotiation stage, in which two communicating parties select privately a cipher from a public cipher space. The cipher negotiation process includes an on-line cipher evaluation stage, in which the cryptographic strength of the proposed cipher is estimated. The cryptographic strength of the ciphers is measured by confusion and diffusion. A method is proposed to describe quantitatively these two properties. For the calculation of confusion and diffusion a number of parameters are defined, such as the confusion and diffusion matrices and the marginal diffusion. These parameters involve computationally intensive calculations that are performed off-line, before any communication takes place. Once they are calculated, they are used to obtain estimation equations, which are used for on-line, fast evaluation of the confusion and diffusion of the negotiated cipher. A technique proposed in this thesis describes how to calculate the parameters and how to use the results for fast estimation of confusion and diffusion for any cipher instance within the defined cipher space.

Beyond securitisation : Western Mediterranean international relations from a security perspective 1989-2002

Following the end of the Cold War and the ensuing changes to the international landscape, thinking about security has tended to become more discursive and interpretative in nature. What counts as security has increasingly derived from security discourses (that is, 'securitisation') and uncertainty about the multi-faceted future facing various countries and regions. Within this post-Cold War discourse, the Western Mediterranean has emerged as a region fraught with latent and manifest threats in the economic, political, societal and military sectors. Improved access to EU markets for Maghrebi exports; the security of energy supplies to the EU from Algeria and Libya; lack of democracy and the advance of political Islam; the flow of northward migration and worries about law and order in France, Italy and Spain; the growth in military expenditure and weapons proliferation in the Maghreb; all have been central to the securitisation agenda. However, this agenda has often lacked credibility especially when inter-linkages have purportedly been established between economic underdevelopment and political instability, between the advance of political Islam and the threat to energy supplies, or between immigration and the threat to national identity. Such inter-sectoral linkages distract from the credibility of those 'securitisation instances' which correspond to reality; the former linkages have often been exploited by extremist politicians in south-west European countries as well as by regimes in the Maghreb to advance their respective interests. Thus, securitisation may defeat its main purpose; it may generate responses out of keeping with the aims proclaimed at the outset, aims centred on the countering of real threats and the ensuring of greater stability.

Evaluating spread models with a basket security

In this article we evaluate the most widely used spread decomposition models using Exchange Traded Funds (ETFs). These funds are an example of a basket security and allow the diversification of private information causing these securities to have lower adverse selection costs than individual securities. We use this feature as a criterion for evaluating spread decomposition models. Comparisons of adverse selection costs for ETF's and control securities obtained from spread decomposition models show that only the Glosten-Harris (1988) and the Madhavan-Richardson-Roomans (1997) models provide estimates of the spread that are consistent with the diversification of private information in a basket security. Our results are robust even after controlling for the stock exchange. © 2011 Copyright Taylor and Francis Group, LLC.

ICT Security Management

Security becomes more and more important and companies are aware that it has become a management problem. It’s critical to know what are the critical resources and processes of the company and their weaknesses. A security audit can be a handy solution. We have developed BEVA, a method to critically analyse the company and to uncover the weak spots in the security system. BEVA results in security scores for each security factor and also in a general security score. The goal is to increase the security score Ss to a postulated level by focusing on the critical security factors, those with a low security score.

Computer Networks Security Models - A New Approach for Denial-of-Services Attacks Mitigation

Computer networks are a critical factor for the performance of a modern company. Managing networks is as important as managing any other aspect of the company’s performance and security. There are many tools and appliances for monitoring the traffic and analyzing the network flow security. They use different approaches and rely on a variety of characteristics of the network flows. Network researchers are still working on a common approach for security baselining that might enable early watch alerts. This research focuses on the network security models, particularly the Denial-of-Services (DoS) attacks mitigation, based on a network flow analysis using the flows measurements and the theory of Markov models. The content of the paper comprises the essentials of the author’s doctoral thesis.

Subsidies, rent seeking and performance:being young, small or private in China

Entrepreneurs in emerging market economies operate in weak institutional contexts, which can imply different types of government. In some countries (e.g., Russia), the government is predatory, and the main risk faced by (successful) entrepreneurs relates to expropriation. In other countries (like China) this kind of risk is lower; nevertheless the government is intrusive, and the rules of the game remain fluid. The implication of the latter for entrepreneurs is that they are more likely to spend time and resources on influence (rent seeking) activities rather than on productive activities.We illustrate this type of government by focusing on the distribution of subsidies in China.We present a simple formalmodel that explores not only the direct effects of rent seeking for a company but also externalities under a situation of policy-generated uncertainty in the distribution of subsidies.We explore how these effects differ for the entrepreneurial sector (young, private and small companies) compared with other sectors. We posit that while the performance of private companies is more affected than the performance of state firms, the impact of government-induced uncertainty on young and small companies is actually less pronounced. Our empirical analysis, based on a unique large dataset of 2.4 million observations on Chinese companies, takes advantage of the regional and sectoral heterogeneity of China for empirical tests.