922 resultados para secure protocal
Resumo:
To protect the health information security, cryptography plays an important role to establish confidentiality, authentication, integrity and non-repudiation. Keys used for encryption/decryption and digital signing must be managed in a safe, secure, effective and efficient fashion. The certificate-based Public Key Infrastructure (PKI) scheme may seem to be a common way to support information security; however, so far, there is still a lack of successful large-scale certificate-based PKI deployment in the world. In addressing the limitations of the certificate-based PKI scheme, this paper proposes a non-certificate-based key management scheme for a national e-health implementation. The proposed scheme eliminates certificate management and complex certificate validation procedures while still maintaining security. It is also believed that this study will create a new dimension to the provision of security for the protection of health information in a national e-health environment.
Resumo:
Discourses of public education reform, like that exemplified within the Queensland Government’s future vision document, Queensland State Education-2010 (QSE-2010), position schooling as a panacea to pervasive social instability and a means to achieve a new consensus. However, in unravelling the many conflicting statements that conjoin to form education policy and inform related literature (Ball, 1993), it becomes clear that education reform discourse is polyvalent (Foucault, 1977). Alongside visionary statements that speak of public education as a vehicle for social justice are the (re)visionary or those reflecting neoliberal individualism and a conservative politics. In this paper, it is argued that the latter coagulate to form strategic discursive practices which work to (re)secure dominant relations of power. Further, discussion of the characteristics needed by the “ideal” future citizen of Queensland reflect efforts to ‘tame change through the making of the child’ (Popkewitz, 2004, p.201). The casualties of this (re)vision and the refusal to investigate the pathologies of “traditional” schooling are the children who, for whatever reason, do not conform to the norm of the desired school child as an “ideal” citizen-in-the-making and who become relegated to alternative educational settings.
Resumo:
Secure communications between large number of sensor nodes that are randomly scattered over a hostile territory, necessitate efficient key distribution schemes. However, due to limited resources at sensor nodes such schemes cannot be based on post deployment computations. Instead, pairwise (symmetric) keys are required to be pre-distributed by assigning a list of keys, (a.k.a. key-chain), to each sensor node. If a pair of nodes does not have a common key after deployment then they must find a key-path with secured links. The objective is to minimize the keychain size while (i) maximizing pairwise key sharing probability and resilience, and (ii) minimizing average key-path length. This paper presents a deterministic key distribution scheme based on Expander Graphs. It shows how to map the parameters (e.g., degree, expansion, and diameter) of a Ramanujan Expander Graph to the desired properties of a key distribution scheme for a physical network topology.
Resumo:
In the modern connected world, pervasive computing has become reality. Thanks to the ubiquity of mobile computing devices and emerging cloud-based services, the users permanently stay connected to their data. This introduces a slew of new security challenges, including the problem of multi-device key management and single-sign-on architectures. One solution to this problem is the utilization of secure side-channels for authentication, including the visual channel as vicinity proof. However, existing approaches often assume confidentiality of the visual channel, or provide only insufficient means of mitigating a man-in-the-middle attack. In this work, we introduce QR-Auth, a two-step, 2D barcode based authentication scheme for mobile devices which aims specifically at key management and key sharing across devices in a pervasive environment. It requires minimal user interaction and therefore provides better usability than most existing schemes, without compromising its security. We show how our approach fits in existing authorization delegation and one-time-password generation schemes, and that it is resilient to man-in-the-middle attacks.
Resumo:
Internet services are important part of daily activities for most of us. These services come with sophisticated authentication requirements which may not be handled by average Internet users. The management of secure passwords for example creates an extra overhead which is often neglected due to usability reasons. Furthermore, password-based approaches are applicable only for initial logins and do not protect against unlocked workstation attacks. In this paper, we provide a non-intrusive identity verification scheme based on behavior biometrics where keystroke dynamics based-on free-text is used continuously for verifying the identity of a user in real-time. We improved existing keystroke dynamics based verification schemes in four aspects. First, we improve the scalability where we use a constant number of users instead of whole user space to verify the identity of target user. Second, we provide an adaptive user model which enables our solution to take the change of user behavior into consideration in verification decision. Next, we identify a new distance measure which enables us to verify identity of a user with shorter text. Fourth, we decrease the number of false results. Our solution is evaluated on a data set which we have collected from users while they were interacting with their mail-boxes during their daily activities.
Resumo:
Private data stored on smartphones is a precious target for malware attacks. A constantly changing environment, e.g. switching network connections, can cause unpredictable threats, and require an adaptive approach to access control. Context-based access control is using dynamic environmental information, including it into access decisions. We propose an "ecosystem-in-an-ecosystem" which acts as a secure container for trusted software aiming at enterprise scenarios where users are allowed to use private devices. We have implemented a proof-of-concept prototype for an access control framework that processes changes to low-level sensors and semantically enriches them, adapting access control policies to the current context. This allows the user or the administrator to maintain fine-grained control over resource usage by compliant applications. Hence, resources local to the trusted container remain under control of the enterprise policy. Our results show that context-based access control can be done on smartphones without major performance impact.
Resumo:
Secure communications in distributed Wireless Sensor Networks (WSN) operating under adversarial conditions necessitate efficient key management schemes. In the absence of a priori knowledge of post-deployment network configuration and due to limited resources at sensor nodes, key management schemes cannot be based on post-deployment computations. Instead, a list of keys, called a key-chain, is distributed to each sensor node before the deployment. For secure communication, either two nodes should have a key in common in their key-chains, or they should establish a key through a secure-path on which every link is secured with a key. We first provide a comparative survey of well known key management solutions for WSN. Probabilistic, deterministic and hybrid key management solutions are presented, and they are compared based on their security properties and re-source usage. We provide a taxonomy of solutions, and identify trade-offs in them to conclude that there is no one size-fits-all solution. Second, we design and analyze deterministic and hybrid techniques to distribute pair-wise keys to sensor nodes before the deployment. We present novel deterministic and hybrid approaches based on combinatorial design theory and graph theory for deciding how many and which keys to assign to each key-chain before the sensor network deployment. Performance and security of the proposed schemes are studied both analytically and computationally. Third, we address the key establishment problem in WSN which requires key agreement algorithms without authentication are executed over a secure-path. The length of the secure-path impacts the power consumption and the initialization delay for a WSN before it becomes operational. We formulate the key establishment problem as a constrained bi-objective optimization problem, break it into two sub-problems, and show that they are both NP-Hard and MAX-SNP-Hard. Having established inapproximability results, we focus on addressing the authentication problem that prevents key agreement algorithms to be used directly over a wireless link. We present a fully distributed algorithm where each pair of nodes can establish a key with authentication by using their neighbors as the witnesses.
Resumo:
The disparity that exists between the highest and lowest achievers together with deficit approaches to teaching, learning and assessment raise serious equity issues related to fairness, validity, culture and access, which were analysed in a recent Australian Research Council funded project. This chapter explores the potential that exists for teachers to work with Indigenous Teacher Assistants (ITAs) to secure cultural connectedness in teaching, learning and assessment of Indigenous students. The study was a design experiment, which was conducted in seven Catholic and Independent primary schools in northern Queensland and involved semi-structured focus group interviews with Year 4 and 6 Indigenous students, principals, teachers and Indigenous Teacher Assistants. Classroom observations and document analyses were also conducted. This corpus of data was analysed using a sociocultural theoretical lens. The use of a sociocultural analysis helped to identify cultural influences, Indigenous students’ funds of knowledge and values. The information from this analysis was made explicit to teachers to demonstrate how they could enhance their pedagogic and assessment practices by embracing and extending the cultural spaces for learning and teaching of Indigenous students. The way in which teachers construct their interactions for greater cultural connectedness and enhanced learning would appear to rely on relationship building with Indigenous staff, Indigenous students’ cultural knowledge, and improved understanding of assessment and related equity issues.
Resumo:
Identity-Based (IB) cryptography is a rapidly emerging approach to public-key cryptography that does not require principals to pre-compute key pairs and obtain certificates for their public keys— instead, public keys can be arbitrary identifiers such as email addresses, while private keys are derived at any time by a trusted private key generator upon request by the designated principals. Despite the flurry of recent results on IB encryption and signature, some questions regarding the security and efficiency of practicing IB encryption (IBE) and signature (IBS) as a joint IB signature/encryption (IBSE) scheme with a common set of parameters and keys, remain unanswered. We first propose a stringent security model for IBSE schemes. We require the usual strong security properties of: (for confidentiality) indistinguishability against adaptive chosen-ciphertext attacks, and (for nonrepudiation) existential unforgeability against chosen-message insider attacks. In addition, to ensure as strong as possible ciphertext armoring, we also ask (for anonymity) that authorship not be transmitted in the clear, and (for unlinkability) that it remain unverifiable by anyone except (for authentication) by the legitimate recipient alone. We then present an efficient IBSE construction, based on bilinear pairings, that satisfies all these security requirements, and yet is as compact as pairing-based IBE and IBS in isolation. Our scheme is secure, compact, fast and practical, offers detachable signatures, and supports multirecipient encryption with signature sharing for maximum scalability.
Resumo:
This study investigates the development of teacher identity in a transnational context through an analysis of the voices of sixteen preservice teachers from Hong Kong who engage in interaction with primary students in an Australian classroom. The context for this research is the school-based experience undertaken by these preservice English as a second language teachers as part of their short language immersion (SLIM) program in Brisbane, Australia. Such SLIM programs are a genre of study abroad programs which have been gaining in popularity within teacher education in Australia, attended by preservice and inservice teachers from China, Hong Kong, Korea, and other Asian countries. This research is conducted at a time when the imperative to globalise higher education provision is a strategic factor in the educational policies of both Australia and Hong Kong. In Australia, international educational services now constitute the country’s third largest export with more than 400,000 students coming to Australia to study annually. In order to maintain Australia’s current global position as the third most popular Englishspeaking study destination, the government is now focusing on sustainability and the quality of the study experience being offered to international students (Bradley Review, 2008). In Hong Kong, the government sponsors both preservice and inservice English as a second language (ESL) teachers to undertake SLIM programs in Australia and other English-speaking countries, as part of their policy of promoting high levels of English proficiency in Hong Kong classrooms. Transnational teacher education is an important issue to which this study contributes insights into the affordances and constraints of a school-based experience in the transnational context. Second language teacher education has been defined as interventions designed to develop participants’ professional knowledge. In this study, it is argued that participation in a different community of practice helps to foreground tacit theories of second language pedagogy, making them visible and open to review. Questions of pedagogy are also seen as questions of teacher identity, constituting the way that one is in the classroom. I take up a sociocultural and poststructural framework, drawing on the work of James Gee and Mikhail Bakhtin, to theorise the construction of teacher identity as emerging through dialogic relations and socially situated discursive practices. From this perspective, this study investigates whether these teachers engage with different ways of representing themselves through appropriating, adapting or rejecting Discourses prevailing in the Australian classroom. Research suggests that reflecting on dilemmas encountered as lived experiences can extend professional understandings. In this study, the participants engage in a process of dialogic reflection on their intercultural classroom interactions, examining with their peers and their lecturer/researcher selected moments of dissonance that they have faced in the unfamiliar context of an Australian primary classroom. It is argued that the recursive and multivoiced nature of this process of reflection on practice allows participants opportunities to negotiate new understandings of second language teacher identity. Dialogic learning, based on the theories of Bakhtin and Vygotsky, provides the theoretic framing not only for the process of reflection instantiated in this study, but also features in the analysis of the participants’ second language classroom practices. The research design uses a combined discourse analytic and ethnographic approach as a logic-of-inquiry to explore the dialogic relationships which these second language teachers negotiate with their students and their peers in the transnational context. In this way, through discourse analysis of their classroom talk and reflective dialogues, assisted by the analytic tools of speech genres and discourse formats, I explore the participants’ ways of doing and being second language teachers. Thus, this analysis traces the process of ideological becoming of these beginner teachers as shifts in their understandings of teacher and student identities. This study also demonstrates the potential for a nontraditional stimulated recall interview to provide dialogic scaffolding for beginner teachers to reflect productively on their practice.
Resumo:
Unless sustained, coordinated action is generated in road safety, road traffic deaths are poised to rise from approximately 1.3 to 1.9 million a year by 2020 (Krug, 2012). To generate this harmonised response, road safety management agencies are being urged to adopt multisectoral collaboration (WHO, 2009b), which is achievable through the principle of policy integration. Yet policy integration, in its current hierarchical format, is marred by a lack of universality of its interpretation, a failure to anticipate the complexities of coordinated effort, dearth of information about its design and the absence of a normative perspective to share responsibility. This paper addresses this ill-conception of policy integration by reconceptualising it through a qualitative examination of 16 road safety stakeholders’ written submissions, lodged with the Australian Transport Council in 2011. The resulting, new principle of policy integration, Participatory Deliberative Integration, provides a conceptual framework for the alignment of effort across stakeholders in transport, health, traffic law enforcement, relevant trades and the community. With the adoption of Participatory Deliberative Integration, road safety management agencies should secure the commitment of key stakeholders in the development and implementation of, amongst other policy measures, National Road Safety Strategies and Mix Mode Integrated Timetabling.
Resumo:
International research on prisoners demonstrates poor health outcomes, including chronic disease, with the overall burden to the community high. Prisoners are predominantly male and young. In Australia, the average incarceration length is 3 years, sufficient to impact long term health, including nutrition. Food in prisons is highly controlled, yet gaps exist in policy. In most Western countries prisons promote healthy foods, often incongruent with prisoner expectations or wants. Few studies have been conducted on dietary intakes during incarceration in relation to food policy. In this study detailed diet histories were collected on 120/945 men (mean age = 32 years), in a high-secure prison. Intakes were verified via individual purchase records, mealtime observations, and audits of food preparation, purchasing and holdings. Physical measurements (including fasting bloods) were taken and medical records reviewed. Results showed the standard food provided consistent with current dietary guidelines, however limited in menu choice. Diet histories revealed self-funded foods contributing 1–63% of energy (mean = 30%), 0–83% sugar (mean = 38%), 1–77% saturated fats (mean = 31%) and 1–59% sodium (mean = 23%). High levels of modification to food provided was found using minimal cooking amenities and inclusion of self-funded foods and/or foods retained from previous meals. Medical records and physical measurements confirmed markers of chronic disease. This study highlights the need to establish clear guidelines on all food available in prisons if chronic disease risk reduction is a goal. This study has also supported evidenced based food and nutrition policy including menu choice, food quality, quantity and safety as well as type and access to self-funded foods.
Resumo:
Background: Adolescent idiopathic scoliosis (AIS) is a deformity of the spine, which may 34 require surgical correction by attaching a rod to the patient’s spine using screws 35 implanted in the vertebral bodies. Surgeons achieve an intra-operative reduction in the 36 deformity by applying compressive forces across the intervertebral disc spaces while 37 they secure the rod to the vertebra. We were interested to understand how the 38 deformity correction is influenced by increasing magnitudes of surgical corrective forces 39 and what tissue level stresses are predicted at the vertebral endplates due to the 40 surgical correction. 41 Methods: Patient-specific finite element models of the osseoligamentous spine and 42 ribcage of eight AIS patients who underwent single rod anterior scoliosis surgery were 43 created using pre-operative computed tomography (CT) scans. The surgically altered 44 spine, including titanium rod and vertebral screws, was simulated. The models were 45 analysed using data for intra-operatively measured compressive forces – three load 46 profiles representing the mean and upper and lower standard deviation of this data 47 were analysed. Data for the clinically observed deformity correction (Cobb angle) were 48 compared with the model-predicted correction and the model results investigated to 49 better understand the influence of increased compressive forces on the biomechanics of 50 the instrumented joints. 51 Results: The predicted corrected Cobb angle for seven of the eight FE models were 52 within the 5° clinical Cobb measurement variability for at least one of the force profiles. 53 The largest portion of overall correction was predicted at or near the apical 54 intervertebral disc for all load profiles. Model predictions for four of the eight patients 55 showed endplate-to-endplate contact was occurring on adjacent endplates of one or 56 more intervertebral disc spaces in the instrumented curve following the surgical loading 57 steps. 58 Conclusion: This study demonstrated there is a direct relationship between intra-59 operative joint compressive forces and the degree of deformity correction achieved. The 60 majority of the deformity correction will occur at or in adjacent spinal levels to the apex 61 of the deformity. This study highlighted the importance of the intervertebral disc space 62 anatomy in governing the coronal plane deformity correction and the limit of this 63 correction will be when bone-to-bone contact of the opposing vertebral endplates 64 occurs.
Resumo:
In the decision-making of multi-area ATC (Available Transfer Capacity) in electricity market environment, the existing resources of transmission network should be optimally dispatched and coordinately employed on the premise that the secure system operation is maintained and risk associated is controllable. The non-sequential Monte Carlo simulation is used to determine the ATC probability density distribution of specified areas under the influence of several uncertainty factors, based on which, a coordinated probabilistic optimal decision-making model with the maximal risk benefit as its objective is developed for multi-area ATC. The NSGA-II is applied to calculate the ATC of each area, which considers the risk cost caused by relevant uncertainty factors and the synchronous coordination among areas. The essential characteristics of the developed model and the employed algorithm are illustrated by the example of IEEE 118-bus test system. Simulative result shows that, the risk of multi-area ATC decision-making is influenced by the uncertainties in power system operation and the relative importance degrees of different areas.
Resumo:
Predicate encryption (PE) is a new primitive which supports exible control over access to encrypted data. In PE schemes, users' decryption keys are associated with predicates f and ciphertexts encode attributes a that are specified during the encryption procedure. A user can successfully decrypt if and only if f(a) = 1. In this thesis, we will investigate several properties that are crucial to PE. We focus on expressiveness of PE, Revocable PE and Hierarchical PE (HPE) with forward security. For all proposed systems, we provide a security model and analysis using the widely accepted computational complexity approach. Our first contribution is to explore the expressiveness of PE. Existing PE supports a wide class of predicates such as conjunctions of equality, comparison and subset queries, disjunctions of equality queries, and more generally, arbitrary combinations of conjunctive and disjunctive equality queries. We advance PE to evaluate more expressive predicates, e.g., disjunctive comparison or disjunctive subset queries. Such expressiveness is achieved at the cost of computational and space overhead. To improve the performance, we appropriately revise the PE to reduce the computational and space cost. Furthermore, we propose a heuristic method to reduce disjunctions in the predicates. Our schemes are proved in the standard model. We then introduce the concept of Revocable Predicate Encryption (RPE), which extends the previous PE setting with revocation support: private keys can be used to decrypt an RPE ciphertext only if they match the decryption policy (defined via attributes encoded into the ciphertext and predicates associated with private keys) and were not revoked by the time the ciphertext was created. We propose two RPE schemes. Our first scheme, termed Attribute- Hiding RPE (AH-RPE), offers attribute-hiding, which is the standard PE property. Our second scheme, termed Full-Hiding RPE (FH-RPE), offers even stronger privacy guarantees, i.e., apart from possessing the Attribute-Hiding property, the scheme also ensures that no information about revoked users is leaked from a given ciphertext. The proposed schemes are also proved to be secure under well established assumptions in the standard model. Secrecy of decryption keys is an important pre-requisite for security of (H)PE and compromised private keys must be immediately replaced. The notion of Forward Security (FS) reduces damage from compromised keys by guaranteeing confidentiality of messages that were encrypted prior to the compromise event. We present the first Forward-Secure Hierarchical Predicate Encryption (FS-HPE) that is proved secure in the standard model. Our FS-HPE scheme offers some desirable properties: time-independent delegation of predicates (to support dynamic behavior for delegation of decrypting rights to new users), local update for users' private keys (i.e., no master authority needs to be contacted), forward security, and the scheme's encryption process does not require knowledge of predicates at any level including when those predicates join the hierarchy.
