971 resultados para security protocols
Resumo:
Cooperative Intelligent Transportation Systems (C-ITS) allow in-vehicle systems, and ultimately the driver, to enhance their awareness of their surroundings by enabling communication between vehicles and road infrastructure. C-ITS are widely considered as the next major step in driving assistance systems, aiming at increasing safety, comfort and mobility for drivers. However, any communicating systems are subjected to security threats. A key component for providing secure communications at a large scale is a Public Key Infrastructure (PKI). Due to the safety-critical nature of Vehicle-to-Vehicle (V2V) communications, a C-ITS PKI has functional, performance and scalability requirements that differ from traditional non-automotive environments. This paper identifies and defines the key functional and security requirements for C-ITS PKI systems and analyses proposed C-ITS PKI standards against these requirements. In particular, the proposed US and European C-ITS PKI systems are identified as being too complex and not scalable. The paper also highlights various privacy, security and scalability concerns that should be considered for a secure C-ITS PKI solution in the Australian transport landscape.
Resumo:
Protocols for secure archival storage are becoming increasingly important as the use of digital storage for sensitive documents is gaining wider practice. Wong et al.[8] combined verifiable secret sharing with proactive secret sharing without reconstruction and proposed a verifiable secret redistribution protocol for long term storage. However their protocol requires that each of the receivers is honest during redistribution. We proposed[3] an extension to their protocol wherein we relaxed the requirement that all the recipients should be honest to the condition that only a simple majority amongst the recipients need to be honest during the re(distribution) processes. Further, both of these protocols make use of Feldman's approach for achieving integrity during the (redistribution processes. In this paper, we present a revised version of our earlier protocol, and its adaptation to incorporate Pedersen's approach instead of Feldman's thereby achieving information theoretic secrecy while retaining integrity guarantees.
Resumo:
The power system network is assumed to be in steady-state even during low frequency transients. However, depending on generator dynamics, and toad and control characteristics, the system model and the nature of power flow equations can vary The nature of power flow equations describing the system during a contingency is investigated in detail. It is shown that under some mild assumptions on load-voltage characteristics, the power flow equations can be decoupled in an exact manner. When the generator dynamics are considered, the solutions for the load voltages are exact if load nodes are not directly connected to each other
Resumo:
Secure communication channels are typically constructed from an authenticated key exchange (AKE) protocol, which authenticates the communicating parties and establishes shared secret keys, and a secure data transmission layer, which uses the secret keys to encrypt data. We address the partial leakage of communicating parties' long-term secret keys due to various side-channel attacks, and the partial leakage of plaintext due to data compression. Both issues can negatively affect the security of channel establishment and data transmission. In this work, we advance the modelling of security for AKE protocols by considering more granular partial leakage of parties' long-term secrets. We present generic and concrete constructions of two-pass leakage-resilient key exchange protocols that are secure in the proposed security models. We also examine two techniques--heuristic separation of secrets and fixed-dictionary compression--for enabling compression while protecting high-value secrets.
Resumo:
In this note the authors examine two cases, one from Australia, the other from New Zealand, both of which explore the responsibility of legal practitioners engaged as professionals in the buying and selling of land. What is shown is that the allocation of risk and responsibility is constantly under scrutiny for those involved in the conveyancing process, something which the nascent Australian electronic conveyancing protocols will only heighten.
Resumo:
Purpose This study evaluated the impact of a daily and weekly image-guided radiotherapy protocols in reducing setup errors and setting of appropriate margins in head and neck cancer patients. Materials and methods Interfraction and systematic shifts for the hypothetical day 1–3 plus weekly imaging were extrapolated from daily imaging data from 31 patients (964 cone beam computed tomography (CBCT) scans). In addition, residual setup errors were calculated by taking the average shifts in each direction for each patient based on the first three shifts and were presumed to represent systematic setup error. The clinical target volume (CTV) to planning target volume (PTV) margins were calculated using van Herk formula and analysed for each protocol. Results The mean interfraction shifts for daily imaging were 0·8, 0·3 and 0·5 mm in the S-I (superior-inferior), L-R (left-right) and A-P (anterior-posterior) direction, respectively. On the other hand the mean shifts for day 1–3 plus weekly imaging were 0·9, 1·8 and 0·5 mm in the S-I, L-R and A-P direction, respectively. The mean day 1–3 residual shifts were 1·5, 2·1 and 0·7 mm in the S-I, L-R and A-P direction, respectively. No significant difference was found in the mean setup error for the daily and hypothetical day 1–3 plus weekly protocol. However, the calculated CTV to PTV margins for the daily interfraction imaging data were 1·6, 3·8 and 1·4 mm in the S-I, L-R and A-P directions, respectively. Hypothetical day 1–3 plus weekly resulted in CTV–PTV margins of 5, 4·2 and 5 mm in the S-I, L-R and A-P direction. Conclusions The results of this study show that a daily CBCT protocol reduces setup errors and allows setup margin reduction in head and neck radiotherapy compared to a weekly imaging protocol.
Resumo:
Content delivery networks (CDNs) are an essential component of modern website infrastructures: edge servers located closer to users cache content, increasing robustness and capacity while decreasing latency. However, this situation becomes complicated for HTTPS content that is to be delivered using the Transport Layer Security (TLS) protocol: the edge server must be able to carry out TLS handshakes for the cached domain. Most commercial CDNs require that the domain owner give their certificate's private key to the CDN's edge server or abandon caching of HTTPS content entirely. We examine the security and performance of a recently commercialized delegation technique in which the domain owner retains possession of their private key and splits the TLS state machine geographically with the edge server using a private key proxy service. This allows the domain owner to limit the amount of trust given to the edge server while maintaining the benefits of CDN caching. On the performance front, we find that latency is slightly worse compared to the insecure approach, but still significantly better than the domain owner serving the content directly. On the security front, we enumerate the security goals for TLS handshake proxying and identify a subtle difference between the security of RSA key transport and signed-Diffie--Hellman in TLS handshake proxying; we also discuss timing side channel resistance of the key server and the effect of TLS session resumption.
Resumo:
The Internet Engineering Task Force (IETF) is currently developing the next version of the Transport Layer Security (TLS) protocol, version 1.3. The transparency of this standardization process allows comprehensive cryptographic analysis of the protocols prior to adoption, whereas previous TLS versions have been scrutinized in the cryptographic literature only after standardization. This is even more important as there are two related, yet slightly different, candidates in discussion for TLS 1.3, called draft-ietf-tls-tls13-05 and draft-ietf-tls-tls13-dh-based. We give a cryptographic analysis of the primary ephemeral Diffie–Hellman-based handshake protocol, which authenticates parties and establishes encryption keys, of both TLS 1.3 candidates. We show that both candidate handshakes achieve the main goal of providing secure authenticated key exchange according to an augmented multi-stage version of the Bellare–Rogaway model. Such a multi-stage approach is convenient for analyzing the design of the candidates, as they establish multiple session keys during the exchange. An important step in our analysis is to consider compositional security guarantees. We show that, since our multi-stage key exchange security notion is composable with arbitrary symmetric-key protocols, the use of session keys in the record layer protocol is safe. Moreover, since we can view the abbreviated TLS resumption procedure also as a symmetric-key protocol, our compositional analysis allows us to directly conclude security of the combined handshake with session resumption. We include a discussion on several design characteristics of the TLS 1.3 drafts based on the observations in our analysis.
Resumo:
Security models for two-party authenticated key exchange (AKE) protocols have developed over time to capture the security of AKE protocols even when the adversary learns certain secret values. Increased granularity of security can be modelled by considering partial leakage of secrets in the manner of models for leakage-resilient cryptography, designed to capture side-channel attacks. In this work, we use the strongest known partial-leakage-based security model for key exchange protocols, namely continuous after-the-fact leakage eCK (CAFL-eCK) model. We resolve an open problem by constructing the first concrete two-pass leakage-resilient key exchange protocol that is secure in the CAFL-eCK model.
Resumo:
In its October 2003 report on the definition of disability used by the Social Security Administration’s (SSA’s) disability programs [i.e., Social Security Disability Insurance (SSDI) and Supplemental Security Income (SSI) for people with disabilities], the Social Security Advisory Board raises the issue of whether this definition is at odds with the concept of disability embodied in the Americans with Disabilities Act (ADA) and, more importantly, with the aspirations of people with disabilities to be full participants in mainstream social activities and lead fulfilling, productive lives. The Board declares that “the Nation must face up to the contradictions created by the existing definition of disability.” I wholeheartedly agree. Further, I have concluded that we have to make fundamental, conceptual changes to both how we define eligibility for economic security benefits, and how we provide those benefits, if we are ever to fulfill the promise of the ADA. To convince you of that proposition, I will begin by relating a number of facts that paint a very bleak picture – a picture of deterioration in the economic security of the population that the disability programs are intended to serve; a picture of programs that purport to provide economic security, but are themselves financially insecure and subject to cycles of expansion and cuts that undermine their purpose; a picture of programs that are facing their biggest expenditure crisis ever; and a picture of an eligibility determination process that is inefficient and inequitable -- one that rations benefits by imposing high application costs on applicants in an arbitrary fashion. I will then argue that the fundamental reason for this bleak picture is the conceptual definition of eligibility that these programs use – one rooted in a disability paradigm that social scientists, people with disabilities, and, to a substantial extent, the public have rejected as being flawed, most emphatically through the passage of the ADA. Current law requires eligibility rules to be based on the premise that disability is medically determinable. That’s wrong because, as the ADA recognizes, a person’s environment matters. I will further argue that programs relying on this eligibility definition must inevitably: reward people if they do not try to help themselves, but not if they do; push the people they serve out of society’s mainstream, fostering a culture of isolation and dependency; relegate many to a lifetime of poverty; and undermine their promise of economic security because of the periodic “reforms” that are necessary to maintain taxpayer support. I conclude by pointing out that to change the conceptual definition for program eligibility, we also must change our whole approach to providing for the economic security of people with disabilities. We need to replace our current “caretaker” approach with one that emphasizes helping people with disabilities help themselves. I will briefly describe features that such a program might require, and point out the most significant challenges we would face in making the transition.
Resumo:
Much attention has been focused on the decline of traditional employment structures in the advanced industrial countries. Lesser attention has focused on this issue in Asia. In this comparative essay, the authors examine the changes in employment security in China, India, Japan, and South Korea. They focus on the historical development of the employment security social contract in these countries, noting the institutional features that gave rise to it in each country. They then examine the resilience of employment security norms under recent economic pressures. They find there has been substantial erosion in employment security during the 1990s in all four countries due to both increased competition and economic liberalization, although there is some variation in both the rate of erosion as well as the prospects for revival of the social contract. They assess the possibilities of a revival in this particular social contract, and the impact of the erosion on unorganized workers.
Resumo:
This Just the Facts Series details Work Study and Supplemental Security Income.
Resumo:
This newsletter will provide valuable information on how work for persons with disabilities effects government benefits, with an emphasis on the Supplemental Security Income (SSI) and Social Security Disability Insurance (SSDI) work incentives. Each newsletter will contribute to an ongoing dialogue on topics related to benefits and work.
Resumo:
The concept of food security is often anchored in popular understandings of the challenge to produce and supply enough food. However, decades of policies for intensive agriculture have not alleviated hunger and malnutrition, with an absence of food security featuring in both economically developing and developed nations. Despite perceptions that the economic growth in advanced, capitalist societies will ensure freedom from hunger, this is not universal across so-called ‘wealthy nations’. To explore the dynamics of food security in economically developed countries, this paper considers institutional approaches to domestic food security primarily through responses to poverty and welfare entitlements, and, secondarily, through food relief. Through the lens of social entitlements to food and their formation under various expressions of welfare capitalism, we highlight how the specific institutional settings of two economically developed nations, Australia and Norway, respond to uncertain or insufficient access to food. Whilst Norway's political agenda on agricultural support, food pricing regulation and universal social security support offers a robust, although indirect, safety net in ensuring entitlements to food, Australia's neoliberal trajectory means that approaches to food security are ad hoc and rely on a combination of self-help, charitable and market responses. Despite its extensive food production Australia appears less capable of ensuring food security for all its inhabitants compared to the highly import-dependent Norway.
