963 results for Key recovery attack
Abstract:
In the construction industry, contractors have to improve the efficiency of markup decision-making to survive fierce business competition. The effect of client type on markup decisions has been recognised in previous studies, and contractors are advised to weigh decision factors appropriately when confronted with different types of projects. Nevertheless, the rationales behind the inclusion of different factors in markup decision-making for different projects remain unknown. In this study, fifty-three factors were identified after an extensive literature review and interviews with professionals. The identified factors were then grouped under nine attributes and compiled into a questionnaire for a survey in China. Using Hotelling's T-square test, it is found that three attributes (project characteristics, client characteristics, and macro conditions) explain the effect of client type on contractors' markup decisions. The research findings provide useful insights into the cognition of bid pricing as well as the improvement of bidding efficiency. While the research was situated in China, contractors in other countries could benefit from the findings in a similar vein.
Abstract:
Authenticated Encryption (AE) is the cryptographic process of providing simultaneous confidentiality and integrity protection to messages. This approach is more efficient than a two-step process that first provides confidentiality by encrypting the message and then, in a separate pass, provides integrity protection by generating a Message Authentication Code (MAC). AE using symmetric ciphers can be provided either by stream ciphers with built-in authentication mechanisms or by block ciphers using appropriate modes of operation. Stream ciphers, however, have the potential for higher performance and a smaller footprint in hardware and/or software than block ciphers. This property makes stream ciphers suitable for resource-constrained environments, where storage and computational power are limited. There have been several recent stream cipher proposals that claim to provide AE. These ciphers can be analysed using existing techniques that consider confidentiality or integrity separately; however, there is currently no framework for the analysis of AE stream ciphers that analyses these two properties simultaneously. This thesis introduces a novel framework for the analysis of AE using stream cipher algorithms. It analyses the mechanisms for providing confidentiality and for providing integrity in AE algorithms using stream ciphers. There is a greater emphasis on the analysis of the integrity mechanisms, as there is little in the public literature on this in the context of authenticated encryption. The thesis has four main contributions. The first contribution is the design of a framework that can be used to classify AE stream ciphers based on three characteristics. The first classification applies Bellare and Namprempre's work on the order in which the encryption and authentication processes take place. The second classification is based on the method used for accumulating the input message (either directly or indirectly) into the internal state of the cipher to generate a MAC. The third classification is based on whether the sequence used to provide encryption and authentication is generated using a single key and initial vector, or two keys and two initial vectors. The second contribution is the application of an existing algebraic method to analyse the confidentiality algorithms of two AE stream ciphers, namely SSS and ZUC. The algebraic method is based on considering the nonlinear filter (NLF) of these ciphers as a combiner with memory. This method enables us to construct equations for the NLF that relate the inputs, outputs and memory of the combiner to the output keystream. We show that both of these ciphers are secure against this type of algebraic attack. We conclude that using a key-dependent S-box in the NLF twice, and using two different S-boxes in the NLF of ZUC, prevents this type of algebraic attack. The third contribution is a new general matrix-based model for MAC generation where the input message is injected directly into the internal state. This model describes the accumulation process when the input message is injected directly into the internal state of a nonlinear filter generator. We show that three recently proposed AE stream ciphers can be considered as instances of this model, namely SSS, NLSv2 and SOBER-128. Our model is more general than previous investigations into direct injection. Possible forgery attacks against this model are investigated. It is shown that using a nonlinear filter in the accumulation process prevents forgery attacks based on collisions when either the input message or the initial state of the register is unknown. The last contribution is a new general matrix-based model for MAC generation where the input message is injected indirectly into the internal state. This model uses the input message as a controller to accumulate a keystream sequence into an accumulation register. We show that three current AE stream ciphers can be considered as instances of this model, namely ZUC, Grain-128a and Sfinks. We establish the conditions under which the model is susceptible to forgery and side-channel attacks.
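As an added illustration (not from the thesis, which analyses SSS, NLSv2 and SOBER-128), the following toy Python model shows why the direct-injection matrix model admits collision-based forgeries when the accumulation is linear. A 16-bit LFSR is clocked once per 16-bit message word and the word is XORed straight into the state; because every step is linear over GF(2), the tag is an affine function of the message, and the public part of that function (the columns obtained from unit messages with a zero initial state) can be reduced to find a message difference in its kernel. Such a difference yields a second message with the same tag for every secret initial state. The LFSR polynomial, the message size and the odd-multiplication filter `mix` used for the nonlinear variant are my choices for the example, not the thesis's constructions.

```python
from typing import Dict, List, Tuple

MASK = 0xFFFF
WORD_BITS = 16

def lfsr(s: int) -> int:
    """One clock of a 16-bit Fibonacci LFSR (x^16 + x^14 + x^13 + x^11 + 1); linear over GF(2) and invertible."""
    fb = (s ^ (s >> 2) ^ (s >> 3) ^ (s >> 5)) & 1
    return (s >> 1) | (fb << 15)

def mix(s: int) -> int:
    """Toy nonlinear filter: odd-constant multiplication (carries are nonlinear over GF(2)) plus a shift-xor; bijective."""
    t = (s * 0x9E37) & MASK
    return t ^ (t >> 8)

def mac_linear(init: int, words: List[int]) -> int:
    """Direct injection into a linear register. Unrolled: tag = A^L init XOR sum_i A^(L-i) m_i, affine in the message."""
    s = init & MASK
    for m in words:
        s = lfsr(s) ^ (m & MASK)
    return s

def mac_nonlinear(init: int, words: List[int]) -> int:
    """Same injection, but the nonlinear filter is applied to the state after every word."""
    s = init & MASK
    for m in words:
        s = mix(lfsr(s) ^ (m & MASK))
    return s

def unit_message(nwords: int, bit: int) -> List[int]:
    words = [0] * nwords
    words[bit // WORD_BITS] = 1 << (bit % WORD_BITS)
    return words

def find_collision_difference(nwords: int) -> List[int]:
    """Return a nonzero message difference D with mac_linear(0, D) == 0.
    Column j of the public accumulation matrix is the tag of unit message j under
    init = 0. An XOR basis that tracks which columns were combined yields a kernel
    vector as soon as a column depends on earlier ones (certain once there are more
    than 16 columns). No secret is involved anywhere in this computation."""
    basis: Dict[int, Tuple[int, int]] = {}   # pivot bit -> (reduced column, combination of original columns)
    for j in range(nwords * WORD_BITS):
        v = mac_linear(0, unit_message(nwords, j))
        comb = 1 << j
        while v:
            p = v.bit_length() - 1
            if p not in basis:
                basis[p] = (v, comb)
                break
            bv, bc = basis[p]
            v ^= bv
            comb ^= bc
        if v == 0:
            return [(comb >> (WORD_BITS * i)) & MASK for i in range(nwords)]
    raise ValueError("no dependent column; need more message bits than state bits")

def forge(words: List[int], diff: List[int]) -> List[int]:
    """Second message with the same linear tag as `words`, for any unknown initial state."""
    return [m ^ d for m, d in zip(words, diff)]

if __name__ == "__main__":
    secret_init = 0xBEEF                 # key-derived initial state, unknown to the attacker
    msg = [0x1234, 0xABCD, 0x0F0F]       # constructed message
    diff = find_collision_difference(len(msg))
    forged = forge(msg, diff)
    print("difference:", [hex(d) for d in diff])
    print("linear MAC collides:", mac_linear(secret_init, forged) == mac_linear(secret_init, msg))
    print("nonlinear MAC collides:", mac_nonlinear(secret_init, forged) == mac_nonlinear(secret_init, msg))
```

With three 16-bit words against a 16-bit register the kernel shows up at the 17th column, giving the difference [0x0002, 0x0001, 0x0000]: flip bit 1 of the first word and bit 0 of the second, and the LFSR cancels the two changes before the tag is read. The same difference cannot collide in the nonlinear variant, because the first change would have to pass through the odd-constant multiplication as exactly the difference that the second change cancels, which the carry structure forbids. The 16-bit tag is of course far too short for real use; the point is the structure, not the parameters.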
Abstract:
Ramp metering is an effective motorway control tool that benefits mainline traffic, but the long on-ramp queues it creates profoundly interfere with surface traffic. This study deals with the conflict between mainline benefits and the costs to on-ramp and surface traffic. A novel local on-ramp queue management strategy with mainline speed recovery is proposed. Microscopic simulation is used to test the new strategy and compare it with other strategies. Simulation results reveal that ramp metering with the queue management strategy provides a good balance between mainline and on-ramp performance.
Abstract:
Globally, it is estimated that 24 million people live with schizophrenia (WHO, 2008), while 1.2 million people have been diagnosed with schizophrenia in Indonesia. Auditory hallucinations are a key symptom of schizophrenia according to the DSM-IV-TR (Frances, First, & Pincus, 2002). It is estimated that the prevalence of auditory hallucinations in people with schizophrenia ranges from 64.3% to 83.4% (Thomas et al., 2007). Until recently, the majority of studies were conducted in Western societies, and their primary focus has been on the causes and treatments of auditory hallucinations (Walton, 1999) and on the biological and cognitive aspects of the phenomenon (Changas, Garcia-Montes, de Lemus & Olivencia, 2003). While a few studies have explored the lived experience of people with schizophrenia, there is little research on the experience of auditory hallucinations. Therefore, the focus of this study was an exploration of the experience of auditory hallucinations as described by Indonesian people living with schizophrenia. Based on the available literature, there have been no published qualitative studies relating to the lived experience of auditory hallucinations as described by Indonesian people diagnosed with schizophrenia. A Husserlian descriptive phenomenological approach was applied in explicating the phenomenon of auditory hallucinations in this study. In-depth audio-taped interviews were conducted with 13 participants. Analysis of participant transcripts was undertaken using Colaizzi's (1973) approach. Eight major themes were explicated: feeling more like a robot than a human being (feeling compelled to respond to auditory hallucinations); voices of contradiction (a point of confusion); a frightening experience; the voices emerged at times of loss and grief; disruption to daily living; tattered relationships and family disarray; finding a personal path to living with auditory hallucinations; and seeking relief in Allah through prayer and ritual. Experiencing auditory hallucinations, for people diagnosed with schizophrenia, is a journey of challenges as each individual struggles to understand their now changed life-world, to reconstruct a sense of meaning within their illness experience, and to carve out a pathway to wellness. The challenge for practitioners is to learn from those who have experienced auditory hallucinations, to be with them in their journey of recovery and wellness, and to apply a person-centered approach to care within the context of a multidisciplinary team.
Abstract:
Denial-of-service (DoS) attacks are a growing concern for networked services such as the Internet. In recent years, major Internet e-commerce and government sites have been disabled by various DoS attacks. A common form of DoS attack is the resource depletion attack, in which an attacker tries to exhaust the server's resources, such as memory or computational power, rendering the server unable to serve honest clients. A promising way to deal with this problem is for the defending server to identify and segregate malicious traffic as early as possible. Client puzzles, also known as proofs of work, have been shown to be a promising tool to thwart DoS attacks in network protocols, particularly in authentication protocols. In this thesis, we design efficient client puzzles and propose a stronger security model for analysing client puzzles. We revisit several key establishment protocols to analyse their DoS-resilience properties and strengthen them using existing and novel techniques. Our contributions in the thesis are manifold. We propose an efficient client puzzle that is secure in the standard model under new computational assumptions. Assuming the presence of powerful DoS attackers, we find a weakness in the most recent security model proposed for analysing client puzzles, and this study leads us to introduce a better security model for analysing client puzzles. We demonstrate the utility of our new security definitions by constructing two stronger hash-based client puzzles. We also show that, using stronger client puzzles, any protocol can be converted into a provably secure DoS-resilient key exchange protocol. In further contributions, we analyse the DoS-resilience properties of network protocols such as Just Fast Keying (JFK) and Transport Layer Security (TLS). In the JFK protocol, we identify a new DoS attack by applying Meadows' cost-based framework to analyse DoS-resilience properties. We also prove that the original security claim of JFK does not hold. We then apply an existing technique to reduce the server cost and prove that the new variant of JFK achieves perfect forward secrecy (a property not achieved by the original JFK protocol) and is secure under the original security assumptions of JFK. Finally, we introduce a novel cost-shifting technique which significantly reduces the computation cost of the server, and we employ the technique in the most important network protocol, TLS, to analyse the security of the resultant protocol. We also observe that the cost-shifting technique can be incorporated into any Diffie-Hellman based key exchange protocol to reduce the Diffie-Hellman exponentiation cost of a party by one multiplication and one addition.
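The construction below is an added example of a hash-based client puzzle of the kind the abstract refers to; it is not one of the thesis's puzzles and uses its own conventions. The challenge is HMAC-SHA256 over a client identifier and a time period, so the server can recompute it and needs no per-client state before a solution arrives; difficulty is the number of leading zero bits in SHA-256(challenge || solution). The server secret, client address and period are constructed for the example.

```python
import hashlib
import hmac
import struct
from typing import Dict, Tuple

# Constructed values for the demo (a real server keeps the secret and derives the period from its clock).
SERVER_SECRET = b"constructed-server-secret-for-the-example"
CLIENT_ID = b"198.51.100.7:4433"
PERIOD = 1_700_000                    # e.g. unix time // 60

def puzzle_challenge(server_secret: bytes, client_id: bytes, period: int) -> bytes:
    """Stateless challenge: recomputable from the server secret, so nothing is stored per client."""
    msg = client_id + struct.pack(">Q", period)
    return hmac.new(server_secret, msg, hashlib.sha256).digest()[:16]

def leading_zero_bits(digest: bytes) -> int:
    n = 0
    for b in digest:
        if b == 0:
            n += 8
            continue
        n += 8 - b.bit_length()
        break
    return n

def solve_puzzle(challenge: bytes, bits: int) -> Tuple[int, int]:
    """Client side: brute-force a counter x so that SHA-256(challenge || x) starts with `bits` zero bits.
    Returns (solution, hashes_tried); expected work is about 2^bits hashes."""
    x = 0
    while True:
        h = hashlib.sha256(challenge + struct.pack(">Q", x)).digest()
        if leading_zero_bits(h) >= bits:
            return x, x + 1
        x += 1

def verify_solution(server_secret: bytes, client_id: bytes, period: int, solution: int,
                    bits: int, now_period: int, window: int = 1) -> bool:
    """Server side: one HMAC plus one hash, whatever the client spent.
    Puzzles older than `window` periods are refused so solutions cannot be stockpiled."""
    if not (now_period - window <= period <= now_period):
        return False
    challenge = puzzle_challenge(server_secret, client_id, period)
    h = hashlib.sha256(challenge + struct.pack(">Q", solution)).digest()
    return leading_zero_bits(h) >= bits

def run_exchange(bits: int = 10) -> Dict[str, object]:
    """Full exchange between the constructed client and server; returns what each side observed."""
    challenge = puzzle_challenge(SERVER_SECRET, CLIENT_ID, PERIOD)      # sent to the client
    solution, tried = solve_puzzle(challenge, bits)                     # client's work
    return {
        "client_hashes": tried,
        "accepted": verify_solution(SERVER_SECRET, CLIENT_ID, PERIOD, solution, bits, now_period=PERIOD),
        "next_period_still_ok": verify_solution(SERVER_SECRET, CLIENT_ID, PERIOD, solution, bits, now_period=PERIOD + 1),
        "stale": verify_solution(SERVER_SECRET, CLIENT_ID, PERIOD, solution, bits, now_period=PERIOD + 2),
        "wrong_client": verify_solution(SERVER_SECRET, b"203.0.113.9:1234", PERIOD, solution, bits, now_period=PERIOD),
    }

if __name__ == "__main__":
    for k, v in run_exchange(12).items():
        print(f"{k}: {v}")
```

The asymmetry is the point: the client spends about 2^bits hash evaluations, the server one HMAC and one hash, and the server commits no memory until a solution verifies. Two things a deployment needs that this example omits: a record of solutions already accepted within the current window (otherwise a solved puzzle can be replayed until the window closes), and a difficulty that tracks measured load rather than a constant, since a fixed difficulty either burdens honest clients or fails to slow a well-resourced attacker.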
Abstract:
Climate change is expected to increase the earth's temperature and consequently to result in more frequent extreme weather events such as cyclones, storms, droughts and floods, and in rising global sea levels. This phenomenon will affect all assets. This paper discusses the impact of climate change and its consequences on public buildings. Public building management encompasses the building life cycle from planning, procurement, operation, repair and maintenance to building disposal. This paper recommends that climate change adaptation strategies be integrated into public building management. The roles and responsibilities of asset managers and users are discussed within the framework of planning and implementing public building management and integrating climate change adaptation strategies. A key point is that climate change can induce premature obsolescence of public buildings and services, which will increase maintenance and refurbishment costs. This in turn will affect the life cycle cost of the building. Furthermore, a business continuity plan is essential for public building management in the context of disasters. The paper also highlights the significant role that the occupants of public buildings can play in the development and implementation of climate change adaptation strategies.
Abstract:
Indonesia is a country spread across a wide-ranging archipelago, located in South East Asia between two oceans, the Indian and the Pacific. Indonesia is well known as an active tectonic region because it lies on top of three major active tectonic plates: the Eurasian in the north, the Indian Ocean-Australian in the south, and the Pacific plate in the east. The southern and eastern parts of the country feature a range of volcanic arcs, volcanic mountains and lowlands with 500 young volcanoes, of which 128 are active, representing 15% of the world's active volcanoes. In the period 2002-2007, approximately 1782 disasters occurred, with hundreds of thousands of lives lost and billions of rupiah in losses incurred (floods: 1183 instances; cyclones: 272 instances; landslides: 252 instances). Of these, the 2004 Aceh tsunami and the 2006 central Java earthquake (impacting predominantly the city and suburbs of Yogyakarta) were the most significant. Even so, disaster management experts believe that the lessons learnt from the two major natural disasters need to be formalised into laws and institutions before another disaster occurs, regardless of the type of natural disaster, i.e. volcanic eruption or landslide as opposed to tsunami or earthquake. In the wake of the disasters in Yogyakarta, many community members responded by banding together as one, determined to rebuild their villages and cities through the spirit of 'gotong royong'. The idea of social interaction, in particular as a collective, consensual and cooperative nation, has predominantly formed the ideological basis of Indonesia's societal nature. Many Indonesian terms cohere to this ideology, such as 'koperasi' (cooperatives as the basis of economic interactions), 'musyawarah' (consensual decision making) and 'gotong royong' (mutual assistance). 'Gotong royong' has become a key cultural operator in Indonesia, in particular in Jogjakarta. Appropriately so, as 'gotong royong' derives from the traditional Javanese village, where labour is accomplished through reciprocal exchange and the villagers are motivated by a general ethos of selflessness and concern for the common good. The culture of 'gotong royong' promotes positive values such as social harmony and mutual reciprocation, and in disaster-affected areas it provides the spirit that all involved need to endure the hardships. While gotong royong emphasises the positive notions of mutual family support and deep community-level activity, there is potential for tension with government-led disaster response and recovery management activities, especially in settings where governance mechanisms are sporadic and where transparency and accountability in the recovery of public infrastructure assets have been questioned. This paper thus questions whether gotong royong is a double-edged sword, and explores the potential marriage of community values and governance mechanisms for future disaster management planning and practice.
Abstract:
A range of authors in the risk management, crisis management and crisis communications literature have proposed different models as a means of understanding the components of a crisis. A common element of these sources has been a focus on preparedness practices before disturbance events and response practices during events. This paper provides a critical analysis of three key explanatory models of how crises escalate, highlighting the strengths and limitations of each approach. The paper introduces an optimised conceptual model utilising components from the previous work under the four phases of pre-event, response, recovery and post-event. Within these four phases, a ten-step process is introduced that can enhance understanding of the progression of distinct stages of disturbance for different types of events. This crisis evolution framework is examined as a means to provide clarity and applicability to a range of infrastructure failure contexts and to provide a path for further empirical investigation in this area.
Abstract:
Trust is widely recognised as one of the key qualities that a successful leader needs in order to bring about change within their organization. Browning's study aimed to identify practices which a school leader can effectively use to inspire, build and maintain trust between themselves, their staff and the Chair of the governing body. The study was undertaken in two phases. Phase One was the identification of four highly trusted transformational leaders from the Australian independent schooling sector. Phase Two was a multi-case study of the four school leaders. The findings provide practical advice for school leaders wishing to have a positive impact on the outcomes of the students in their school.
Abstract:
Most security models for authenticated key exchange (AKE) do not explicitly model the associated certification system, which includes the certification authority (CA) and its behaviour. However, there are several well-known and realistic attacks on AKE protocols which exploit various forms of malicious key registration and which therefore lie outside the scope of these models. We provide the first systematic analysis of AKE security incorporating certification systems (ASICS). We define a family of security models that, in addition to allowing different sets of standard AKE adversary queries, also permit the adversary to register arbitrary bitstrings as keys. For this model family we prove generic results that enable the design and verification of protocols that achieve security even if some keys have been produced maliciously. Our approach is applicable to a wide range of models and protocols; as a concrete illustration of its power, we apply it to the CMQV protocol in the natural strengthening of the eCK model to the ASICS setting.
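A practical counterpart to the malicious key registration the abstract describes is to validate every registered key before certifying it. The example below is added here and is not from the paper: it models a CA that accepts a public key only if it decodes to an element of the prime-order subgroup of a Diffie-Hellman group. The group (p = 23, q = 11, g = 4) is a toy chosen so the arithmetic is visible; a real deployment uses a standard safe-prime or elliptic-curve group and the matching point-validation checks.

```python
from typing import Dict, Optional, Set

# Toy Diffie-Hellman group: p = 2q + 1 with q prime, g generating the subgroup of order q.
P = 23
Q = 11
G = 4                                   # 4 = 2^2 is a quadratic residue mod 23, hence of order q
KEY_LEN = (P.bit_length() + 7) // 8     # fixed-length encoding of a public key

def decode_public_key(blob: bytes) -> Optional[int]:
    """Fixed-length big-endian encoding; malformed input is rejected, never repaired."""
    if len(blob) != KEY_LEN:
        return None
    return int.from_bytes(blob, "big")

def is_valid_public_key(y: int) -> bool:
    """Subgroup membership: 1 < y < p - 1 and y^q = 1 (mod p).
    This rules out 0, 1, p - 1 (order 2), values outside the field and non-residues."""
    if not 1 < y < P - 1:
        return False
    return pow(y, Q, P) == 1

def register(name: str, blob: bytes, directory: Dict[str, int]) -> bool:
    """The CA's registration step: certify only keys that pass validation."""
    y = decode_public_key(blob)
    if y is None or not is_valid_public_key(y):
        return False
    directory[name] = y
    return True

def shared_secret(own_private: int, peer_public: int) -> int:
    return pow(peer_public, own_private, P)

def forced_secrets(malicious_public: int) -> Set[int]:
    """Every value an honest party's shared secret can take against this key, over all exponents."""
    return {shared_secret(a, malicious_public) for a in range(1, Q)}

def registration_demo() -> Dict[str, bool]:
    """Constructed registration attempts: one honest key and several malicious bitstrings."""
    directory: Dict[str, int] = {}
    alice_public = pow(G, 3, P)         # honest key, private exponent 3 (constructed)
    return {
        "honest": register("alice", alice_public.to_bytes(KEY_LEN, "big"), directory),
        "p_minus_1": register("mallory", (P - 1).to_bytes(KEY_LEN, "big"), directory),
        "non_residue": register("mallory", (5).to_bytes(KEY_LEN, "big"), directory),
        "one": register("mallory", (1).to_bytes(KEY_LEN, "big"), directory),
        "zero": register("mallory", bytes(KEY_LEN), directory),
        "wrong_length": register("mallory", b"\x00" + (P - 1).to_bytes(KEY_LEN, "big"), directory),
        "out_of_range": register("mallory", (P + 4).to_bytes(KEY_LEN, "big"), directory),
    }

if __name__ == "__main__":
    for k, v in registration_demo().items():
        print(f"{k}: {'accepted' if v else 'rejected'}")
    print("shared secrets forced by certifying p - 1:", sorted(forced_secrets(P - 1)))
```

forced_secrets shows why the check matters: if the CA certifies p - 1 as a key, every honest party's shared secret with it is 1 or p - 1 whatever its own exponent, and an element of a small subgroup likewise confines the secret to a handful of values. That is general knowledge about Diffie-Hellman groups, not a claim about the CMQV analysis in the paper; the point here is that the CA, not the protocol, is the place where an arbitrary bitstring must be turned away.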
Abstract:
This paper proposes a practical prediction procedure for the vertical displacement of a Rotary-wing Unmanned Aerial Vehicle (RUAV) landing deck in the presence of stochastic sea-state disturbances. A time series model that captures the characteristics of the dynamic relationship between an observer and a landing deck is constructed, with model orders determined by a novel principle based on the Bayes Information Criterion (BIC) and coefficients identified using the Forgetting Factor Recursive Least Squares (FFRLS) method. In addition, a fast-converging online multi-step predictor is developed, which can be implemented more rapidly than the Auto-Regressive (AR) predictor as it requires fewer memory allocations when updating coefficients. Simulation results demonstrate that the proposed prediction approach exhibits satisfactory prediction performance, making it suitable for integration into ship-helicopter approach and landing guidance systems given the limited computational capacity of the flight computer.
Abstract:
The Transport Layer Security (TLS) protocol is the most widely used security protocol on the Internet. It supports negotiation of a wide variety of cryptographic primitives through different cipher suites, various modes of client authentication, and additional features such as renegotiation. Despite its widespread use, only recently has the full TLS protocol been proven secure, and then only the core cryptographic protocol with no additional features. These additional features have been the cause of several practical attacks on TLS. In 2009, Ray and Dispensa demonstrated how TLS renegotiation allows an attacker to splice together its own session with that of a victim, resulting in a man-in-the-middle attack on TLS-reliant applications such as HTTP. TLS was subsequently patched with two defence mechanisms for protection against this attack. We present the first formal treatment of renegotiation in secure channel establishment protocols. We add optional renegotiation to the authenticated and confidential channel establishment model of Jager et al., an adaptation of the Bellare-Rogaway authenticated key exchange model. We describe the attack of Ray and Dispensa on TLS within our model. We show generically that the proposed fixes for TLS offer good protection against renegotiation attacks, and give a simple new countermeasure that provides renegotiation security for TLS even in the face of stronger adversaries.
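To make the splice concrete, here is an added model (mine, not the paper's formal model and not real TLS) of the Ray and Dispensa attack and of the RFC 5746 renegotiation_info binding that TLS adopted in response. A server connection keeps an application-data buffer and the verify_data of its last handshake; the attacker opens a session, sends a partial HTTP request, then tunnels the victim's initial handshake as a renegotiation so that the victim's request lands behind the attacker's prefix. The HTTP strings and the hash used to stand in for verify_data are constructed for the example.

```python
import hashlib
from dataclasses import dataclass
from typing import Dict, Optional

# Constructed application data: the attacker's unterminated request plus the
# victim's request, which the server reads as a single HTTP request carrying the victim's cookie.
ATTACKER_PREFIX = b"POST /account/transfer?to=attacker HTTP/1.1\r\nHost: bank.example\r\nX-Ignore: "
VICTIM_REQUEST = b"GET /index.html HTTP/1.1\r\nHost: bank.example\r\nCookie: session=victim\r\n\r\n"

Hello = Dict[str, Optional[bytes]]

def _verify_data(transcript: bytes, side: bytes) -> bytes:
    """Toy stand-in for the Finished message's verify_data."""
    return hashlib.sha256(side + transcript).digest()[:12]

@dataclass
class ServerConnection:
    secure_renegotiation: bool          # does the server implement RFC 5746?
    app_buffer: bytes = b""
    client_verify_data: bytes = b""
    server_verify_data: bytes = b""
    handshakes: int = 0

    def handshake(self, client_hello: Hello) -> Optional[Hello]:
        """Run an initial handshake or a renegotiation; None means the server aborted."""
        renegotiating = self.handshakes > 0
        ri = client_hello.get("renegotiation_info")
        if self.secure_renegotiation:
            if renegotiating and ri is None:
                return None                          # RFC 5746 4.4: do not renegotiate with a legacy client
            expected = self.client_verify_data if renegotiating else b""
            if ri is not None and ri != expected:
                return None                          # RFC 5746 3.7: binding mismatch, abort
        server_hello: Hello = {"renegotiation_info": None}
        if self.secure_renegotiation and ri is not None:
            server_hello["renegotiation_info"] = self.client_verify_data + self.server_verify_data
        transcript = (client_hello.get("random") or b"") + bytes([self.handshakes])
        self.client_verify_data = _verify_data(transcript, b"client")   # saved for the next renegotiation
        self.server_verify_data = _verify_data(transcript, b"server")
        self.handshakes += 1
        return server_hello

    def receive(self, data: bytes) -> None:
        self.app_buffer += data

def victim_initial_handshake(conn: ServerConnection, victim_secure: bool) -> bool:
    """The victim believes it is opening a fresh connection. True if it goes on to send data."""
    hello: Hello = {"random": b"victim-random"}
    if victim_secure:
        hello["renegotiation_info"] = b""            # empty: no previous handshake on this connection
    server_hello = conn.handshake(hello)
    if server_hello is None:
        return False
    ri = server_hello["renegotiation_info"]
    if victim_secure and ri is not None and ri != b"":
        return False                                 # RFC 5746 3.4: non-empty on an initial handshake, abort
    return True

def splice_attack(server_secure: bool, victim_secure: bool) -> Optional[bytes]:
    """Ray-Dispensa splice: returns the request the server ends up processing, or None if it failed."""
    conn = ServerConnection(server_secure)
    conn.handshake({"random": b"attacker-random", "renegotiation_info": b""})   # attacker's own session
    conn.receive(ATTACKER_PREFIX)                      # partial request, deliberately unterminated
    if not victim_initial_handshake(conn, victim_secure):   # victim's handshake tunnelled as a renegotiation
        return None
    conn.receive(VICTIM_REQUEST)                       # appended to the attacker's prefix
    return conn.app_buffer

def legitimate_renegotiation() -> bool:
    """Honest renegotiation on one connection: both sides carry the previous verify_data."""
    conn = ServerConnection(True)
    conn.handshake({"random": b"r1", "renegotiation_info": b""})
    cvd, svd = conn.client_verify_data, conn.server_verify_data   # in real TLS the client holds these too
    server_hello = conn.handshake({"random": b"r2", "renegotiation_info": cvd})
    return server_hello is not None and server_hello["renegotiation_info"] == cvd + svd
```

Four combinations are covered. A legacy server is exploitable whatever the client does, because a client cannot distinguish its own initial handshake from a renegotiation of somebody else's session; the fix therefore has to sit on the server. A server with RFC 5746 aborts the splice, since the victim's empty renegotiation_info does not match the client_verify_data it saved from the attacker's handshake, and a legacy victim without the extension is refused renegotiation outright. legitimate_renegotiation shows the honest case the binding still permits.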
Abstract:
A key derivation function is used to generate one or more cryptographic keys from a private (secret) input value. This paper proposes a new method for constructing a generic stream cipher based key derivation function. We show that our proposed key derivation function based on stream ciphers is secure if the underlying stream cipher is secure. We simulate instances of this stream cipher based key derivation function using three eSTREAM finalists: Trivium, Sosemanuk and Rabbit. The simulation results show that these stream cipher based key derivation functions offer efficiency advantages over the more commonly used key derivation functions based on block ciphers and hash functions.
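As an added example of the generic construction (not the paper's code, which instantiated it with Trivium, Sosemanuk and Rabbit), the block below builds a stream-cipher KDF on ChaCha20 implemented in pure Python from RFC 8439: the secret input is used as the cipher key, a context label is placed in the nonce, and the derived keys are consecutive slices of the keystream. The choice of ChaCha20, the nonce encoding of the context and the label strings are mine; self_check verifies the cipher against the RFC's block test vector.

```python
import struct
from typing import List, Tuple

M32 = 0xFFFFFFFF

def _rotl32(x: int, n: int) -> int:
    return ((x << n) | (x >> (32 - n))) & M32

def quarter_round(a: int, b: int, c: int, d: int) -> Tuple[int, int, int, int]:
    """ChaCha quarter round (RFC 8439 section 2.1)."""
    a = (a + b) & M32; d = _rotl32(d ^ a, 16)
    c = (c + d) & M32; b = _rotl32(b ^ c, 12)
    a = (a + b) & M32; d = _rotl32(d ^ a, 8)
    c = (c + d) & M32; b = _rotl32(b ^ c, 7)
    return a, b, c, d

def chacha20_block(key: bytes, counter: int, nonce: bytes) -> bytes:
    """One 64-byte keystream block (RFC 8439 section 2.3): 256-bit key, 32-bit counter, 96-bit nonce."""
    state = (list(struct.unpack("<4I", b"expand 32-byte k"))
             + list(struct.unpack("<8I", key))
             + [counter & M32]
             + list(struct.unpack("<3I", nonce)))
    w = state[:]
    for _ in range(10):                       # 20 rounds as 10 column/diagonal double rounds
        for a, b, c, d in ((0, 4, 8, 12), (1, 5, 9, 13), (2, 6, 10, 14), (3, 7, 11, 15),
                           (0, 5, 10, 15), (1, 6, 11, 12), (2, 7, 8, 13), (3, 4, 9, 14)):
            w[a], w[b], w[c], w[d] = quarter_round(w[a], w[b], w[c], w[d])
    return struct.pack("<16I", *((x + y) & M32 for x, y in zip(w, state)))

def self_check() -> bool:
    """RFC 8439 section 2.3.2 block test vector (first 16 bytes)."""
    out = chacha20_block(bytes(range(32)), 1, bytes.fromhex("000000090000004a00000000"))
    return out[:16] == bytes.fromhex("10f1e7e4d13b5915500fdd1fa32071c4")

def stream_kdf(secret: bytes, context: bytes, lengths: List[int]) -> List[bytes]:
    """Stream-cipher KDF: keystream of the cipher keyed with the secret, nonce = context,
    sliced into len(lengths) keys. Assumes the secret is already a uniform 256-bit key."""
    if len(secret) != 32:
        raise ValueError("secret must be a 256-bit key")
    if not 0 < len(context) <= 12:
        raise ValueError("context must be 1..12 bytes (it becomes the 96-bit nonce)")
    nonce = context.ljust(12, b"\x00")
    total = sum(lengths)
    keystream = b"".join(chacha20_block(secret, ctr, nonce) for ctr in range((total + 63) // 64))
    keys, offset = [], 0
    for n in lengths:
        keys.append(keystream[offset:offset + n])
        offset += n
    return keys

if __name__ == "__main__":
    master = bytes(range(32))                      # constructed secret for the demo
    enc_key, mac_key = stream_kdf(master, b"session-v1", [32, 32])
    print("cipher self-check:", self_check())
    print("enc key:", enc_key.hex())
    print("mac key:", mac_key.hex())
```

Two caveats the construction inherits from the cipher.  The secret must already be a uniformly random 256-bit key; a raw Diffie-Hellman output is not, and needs an extraction step before it can be used as a cipher key.  The context must be encoded unambiguously, since the zero-padding used here makes b"session" and b"session\x00" the same nonce, and the same (secret, context) pair must never be used to derive two different sets of keys, because the keystream slices would then overlap.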
Abstract:
Between mid-2010 and early 2013, Queensland's road-related infrastructure was devastated by flood- and cyclone-related natural disasters. Responding to these recent events, and preparing for more regular and intense climate-change-induced events in future, the Queensland Government is now reviewing how post-disaster road infrastructure recovery projects are planned and delivered. In particular, there is awareness that rebuilding such infrastructure needs sustainable strategies across economic, environmental and social dimensions. A comprehensive sustainability assessment framework for pre- and post-disaster situations can minimise negative impacts on our communities, economy and environment. This research is underway to develop a comprehensive sustainability element framework for post-disaster management of road infrastructure in Queensland, Australia. Analysing the implications of disruption to the transport network and associated services is an important part of preparing local and regional responses to the impacts of natural disasters. This research can contribute to strategic planning and management leading to a safe, efficient and integrated transport system that supports sustainable economic, social and environmental outcomes in Queensland. Within this context, this paper provides an overview of the qualitative mixed-method research approach, involving literature reviews and case studies, used to explore and evaluate a number of sustainability elements with a view to developing operational strategies for disaster recovery road projects.
Abstract:
The objective of exercise training is to initiate desirable physiological adaptations that ultimately enhance physical work capacity. Optimal training prescription requires an individualized approach, with an appropriate balance of training stimulus and recovery and optimal periodization. Recovery from exercise involves integrated physiological responses. The cardiovascular system plays a fundamental role in facilitating many of these responses, including thermoregulation and delivery/removal of nutrients and waste products. As a marker of cardiovascular recovery, cardiac parasympathetic reactivation following a training session is highly individualized. It appears to parallel the acute/intermediate recovery of the thermoregulatory and vascular systems, as described by the supercompensation theory. The physiological mechanisms underlying cardiac parasympathetic reactivation are not completely understood. However, changes in cardiac autonomic activity may provide a proxy measure of the changes in autonomic input into organs and (by default) the blood flow requirements to restore homeostasis. Metaboreflex stimulation (e.g. muscle and blood acidosis) is likely a key determinant of parasympathetic reactivation in the short term (0–90 min post-exercise), whereas baroreflex stimulation (e.g. exercise-induced changes in plasma volume) probably mediates parasympathetic reactivation in the intermediate term (1–48 h post-exercise). Cardiac parasympathetic reactivation does not appear to coincide with the recovery of all physiological systems (e.g. energy stores or the neuromuscular system). However, this may reflect the limited data currently available on parasympathetic reactivation following strength/resistance-based exercise of variable intensity. 
In this review, we quantitatively analyse post-exercise cardiac parasympathetic reactivation in athletes and healthy individuals following aerobic exercise, with respect to exercise intensity and duration, and fitness/training status. Our results demonstrate that the time required for complete cardiac autonomic recovery after a single aerobic-based training session is up to 24 h following low-intensity exercise, 24–48 h following threshold-intensity exercise and at least 48 h following high-intensity exercise. Based on limited data, exercise duration is unlikely to be the greatest determinant of cardiac parasympathetic reactivation. Cardiac autonomic recovery occurs more rapidly in individuals with greater aerobic fitness. Our data lend support to the concept that in conjunction with daily training logs, data on cardiac parasympathetic activity are useful for individualizing training programmes. In the final sections of this review, we provide recommendations for structuring training microcycles with reference to cardiac parasympathetic recovery kinetics. Ultimately, coaches should structure training programmes tailored to the unique recovery kinetics of each individual.