The potential for a web based intervention to improve young adult passenger safety

Young drivers aged 17-24 are consistently overrepresented in motor vehicle crashes. Research has shown that a young driver’s crash risk increases when carrying similarly aged passengers, with fatal crash risk increasing two to three fold with two or more passengers. Recent growth in access to and use of the internet has led to a corresponding increase in the number of web based behaviour change interventions. An increasing body of literature describes the evaluation of web based programs targeting risk behaviours and health issues. Evaluations have shown promise for such strategies with evidence for positive changes in knowledge, attitudes and behaviour. The growing popularity of web based programs is due in part to their wide accessibility, ability for personalised tailoring of intervention messages, and self-direction and pacing of online content. Young people are also highly receptive to the internet and the interactive elements of online programs are particularly attractive. The current study was designed to assess the feasibility for a web based intervention to increase the use of personal and peer protective strategies among young adult passengers. An extensive review was conducted on the development and evaluation of web based programs. Year 12 students were also surveyed about their use of the internet in general and for health and road safety information. All students reported internet access at home or at school, and 74% had searched for road safety information. Additional findings have shown promise for the development of a web based passenger safety program for young adults. Design and methodological issues will be discussed.

Shifting the child protection juggernaut to earlier intervention

"For every complex problem there is a solution that is simple, neat and wrong (M.L. Mencken, US writer and social commentator). Nowhere is this quote more apt than when applied to finding over-simplified solutions to the complex problem of looking after the safety and well-being of vulnerable children. The easiest formula is, of course, to ‘rescue children from dysfunctional families’, a line taken recently in the monograph by the right wing think tank, Centre for Independent Studies (Sammut & O’Brien 2009). It is reasoning with fatal flaws. This commentary provides a timely reminder of the strong arguments which lie behind the national and international shift to supporting children and families through universal and specialist community-based services, rather than weighting all resources into statutory child protection interventions. A brief outline of the value of developing the resources to support children in their families, and the problems with 'rescuing' children through the child protection system are discussed.

Intrusion detection techniques in wireless local area networks

This research investigates wireless intrusion detection techniques for detecting attacks on IEEE 802.11i Robust Secure Networks (RSNs). Despite using a variety of comprehensive preventative security measures, the RSNs remain vulnerable to a number of attacks. Failure of preventative measures to address all RSN vulnerabilities dictates the need for a comprehensive monitoring capability to detect all attacks on RSNs and also to proactively address potential security vulnerabilities by detecting security policy violations in the WLAN. This research proposes novel wireless intrusion detection techniques to address these monitoring requirements and also studies correlation of the generated alarms across wireless intrusion detection system (WIDS) sensors and the detection techniques themselves for greater reliability and robustness. The specific outcomes of this research are: A comprehensive review of the outstanding vulnerabilities and attacks in IEEE 802.11i RSNs. A comprehensive review of the wireless intrusion detection techniques currently available for detecting attacks on RSNs. Identification of the drawbacks and limitations of the currently available wireless intrusion detection techniques in detecting attacks on RSNs. Development of three novel wireless intrusion detection techniques for detecting RSN attacks and security policy violations in RSNs. Development of algorithms for each novel intrusion detection technique to correlate alarms across distributed sensors of a WIDS. Development of an algorithm for automatic attack scenario detection using cross detection technique correlation. Development of an algorithm to automatically assign priority to the detected attack scenario using cross detection technique correlation.

Factors related to the presentation of thin and thick nodular melanoma from a population-based cancer registry in Queensland Australia

Purpose: Worldwide, the incidence of thick melanoma has not declined, and the nodular melanoma (NM) subtype accounts for nearly 40% of newly-diagnosed thick melanoma. To assess differences between patients with thin (≤2.00 mm) and thick (≥2.01 mm) nodular melanoma, we evaluated factors such as demographics, melanoma detection patterns, tumor visibility, and physician screening for NM alone and compared clinical presentation and anatomic location of NM with superficial spreading melanoma (SSM). Methods We utilized data from a large population-based study of Queensland (Australia) residents diagnosed with melanoma. Queensland residents aged 20 to 75 years with histologically confirmed first primary invasive cutaneous melanoma were eligible for the study, and all questionnaires were conducted by telephone (response rate 77.9%). Results During this four-year period, 369 patients with nodular melanoma were interviewed, of whom 56.7% were diagnosed with tumors ≤ 2.00 mm. Men, older individuals, and those who had not been screened by a physician in the past three years were more likely to have nodular tumors of greater thickness. Thickest nodular melanoma (4 mm+) was also most common in persons who had not been screened by a doctor within the past three years (OR 3.75; 95% CI 1.47-9.59). Forty-six percent of patients with thin nodular melanoma (≤ 2.00 mm) reported a change in color, compared with 64% of patients with thin SSM and 26% of patients with thick nodular melanoma (>2.00 mm). Conclusion Awareness of factors related to earlier detection of potentially fatal nodular melanomas, including the benefits of a physician examination, should be useful in enhancing public and professional education strategies. Particular awareness of clinical warning signs associated with thin nodular melanoma should allow for more prompt diagnosis and treatment of this subtype.

Telcagepant is a new oral treatment for migraine

Background : Migraine is a common cause of disability. Many subjects (30 – 40%) do not respond to the 5-HT 1B/1D agonists (the triptans) commonly used in the treatment of migraine attacks. Calcitonin gene-related protein (CGRP) receptor antagonism is a new approach to the treatment of migraine attacks. Objectives/methods : This evaluation is of a Phase III clinical trial comparing telcagepant, an orally active CGRP receptor antagonist, with zolmitriptan in subjects during an attack of migraine. Results : Telcagepant 300 mg has a similar efficacy to zolmitriptan in relieving pain, phonophobia, photophobia, and nausea. Telcagepant was better tolerated than zolmitriptan. Conclusions : The initial Phase III clinical trial results with telcagepant are promising but several further clinical trials are needed to determine the place of telcagepant in the treatment of migraine attacks

Analysis of authenticated encryption stream ciphers

Authenticated Encryption (AE) is the cryptographic process of providing simultaneous confidentiality and integrity protection to messages. AE is potentially more efficient than applying a two-step process of providing confidentiality for a message by encrypting the message and in a separate pass, providing integrity protection by generating a Message Authentication Code (MAC) tag. This paper presents results on the analysis of three AE stream ciphers submitted to the recently completed eSTREAM competition. We classify the ciphers based on the methods the ciphers use to provide authenticated encryption and discuss possible methods for mounting attacks on these ciphers.

Damage assessment of 3D reinforced concrete frame under external explosion loading

Multi-storey buildings are highly vulnerable to terrorist bombing attacks in various parts of the world. Large numbers of casualties and extensive property damage result not only from blast overpressure, but also from the failing of structural components. Understanding the blast response and damage consequences of reinforced concrete (RC) building frames is therefore important when assessing multi-storey buildings designed to resist normal gravity loads. However, limited research has been conducted to identify the blast response and damage of RC frames in order to assess the vulnerability of entire buildings. This paper discusses the blast response and evaluation of damage of three-dimension (3D) RC rigid frame under potential blast loads scenarios. The explicit finite element modelling and analysis under time history blast pressure loads were carried out by LS DYNA code. Complete 3D RC frame was developed with relevant reinforcement details and material models with strain rate effect. Idealised triangular blast pressures calculated from standard manuals are applied on the front face of the model in the present investigation. The analysis results show the blast response, as displacements and material yielding of the structural elements in the RC frame. The level of damage is evaluated and classified according to the selected load case scenarios. Residual load carrying capacities are evaluated and level of damage was presented by the defined damage indices. This information is necessary to determine the vulnerability of existing multi-storey buildings with RC frames and to identify the level of damage under typical external explosion environments. It also provides basic guidance to the design of new buildings to resist blast loads.

Detecting and characterising malicious executable payloads

Buffer overflow vulnerabilities continue to prevail and the sophistication of attacks targeting these vulnerabilities is continuously increasing. As a successful attack of this type has the potential to completely compromise the integrity of the targeted host, early detection is vital. This thesis examines generic approaches for detecting executable payload attacks, without prior knowledge of the implementation of the attack, in such a way that new and previously unseen attacks are detectable. Executable payloads are analysed in detail for attacks targeting the Linux and Windows operating systems executing on an Intel IA-32 architecture. The execution flow of attack payloads are analysed and a generic model of execution is examined. A novel classification scheme for executable attack payloads is presented which allows for characterisation of executable payloads and facilitates vulnerability and threat assessments, and intrusion detection capability assessments for intrusion detection systems. An intrusion detection capability assessment may be utilised to determine whether or not a deployed system is able to detect a specific attack and to identify requirements for intrusion detection functionality for the development of new detection methods. Two novel detection methods are presented capable of detecting new and previously unseen executable attack payloads. The detection methods are capable of identifying and enumerating the executable payload’s interactions with the operating system on the targeted host at the time of compromise. The detection methods are further validated using real world data including executable payload attacks.

Barriers to the acceptance of road safety programmes among rural road users : developing a brief intervention

Motorised countries have more fatal road crashes in rural areas than in urban areas. In Australia, over two thirds of the population live in urban areas, yet approximately 55 percent of the road fatalities occur in rural areas (ABS, 2006; Tziotis, Mabbot, Edmonston, Sheehan & Dwyer, 2005). Road and environmental factors increase the challenges of rural driving, but do not fully account for the disparity. Rural drivers are less compliant with recommendations regarding the “fatal four” behaviours of speeding, drink driving, seatbelt non-use and fatigue, and the reasons for their lower apparent receptivity for road safety messages are not well understood. Countermeasures targeting driver behaviour that have been effective in reducing road crashes in urban areas have been less successful in rural areas (FORS, 1995). However, potential barriers to receptivity for road safety information among rural road users have not been systematically investigated. This thesis aims to develop a road safety countermeasure that addresses three areas that potentially affect receptivity to rural road safety information. The first is psychological barriers of road users’ attitudes, including risk evaluation, optimism bias, locus of control and readiness to change. A second area is the timing and method of intervention delivery, which includes the production of a brief intervention and the feasibility of delivering it at a “teachable moment”. The third area under investigation is the content of the brief intervention. This study describes the process of developing an intervention that includes content to address road safety attitudes and improve safety behaviours of rural road users regarding the “fatal four”. The research commences with a review of the literature on rural road crashes, brief interventions, intervention design and implementation, and potential psychological barriers to receptivity. This literature provides a rationale for the development of a brief intervention for rural road safety with a focus on driver attitudes and behaviour. The research is then divided into four studies. The primary aim of Study One and Study Two is to investigate the receptivity of rural drivers to road safety interventions, with a view to identifying barriers to the efficacy of these strategies.

The Dragon stream cipher: Design, analysis and implementation issues

Dragon is a word-based stream cipher. It was submitted to the eSTREAM project in 2005 and has advanced to Phase 3 of the software profile. This paper discusses the Dragon cipher from three perspectives: design, security analysis and implementation. The design of the cipher incorporates a single word-based non-linear feedback shift register and a non-linear filter function with memory. This state is initialized with 128- or 256-bit key-IV pairs. Each clock of the stream cipher produces 64 bits of keystream, using simple operations on 32-bit words. This provides the cipher with a high degree of efficiency in a wide variety of environments, making it highly competitive relative to other symmetric ciphers. The components of Dragon were designed to resist all known attacks. Although the design has been open to public scrutiny for several years, the only published attacks to date are distinguishing attacks which require keystream lengths greatly exceeding the stated 264 bit maximum permitted keystream length for a single key-IV pair.

Bit-pattern based integral attack

Integral attacks are well-known to be effective against byte-based block ciphers. In this document, we outline how to launch integral attacks against bit-based block ciphers. This new type of integral attack traces the propagation of the plaintext structure at bit-level by incorporating bit-pattern based notations. The new notation gives the attacker more details about the properties of a structure of cipher blocks. The main difference from ordinary integral attacks is that we look at the pattern the bits in a specific position in the cipher block has through the structure. The bit-pattern based integral attack is applied to Noekeon, Serpent and present reduced up to 5, 6 and 7 rounds, respectively. This includes the first attacks on Noekeon and present using integral cryptanalysis. All attacks manage to recover the full subkey of the final round.

A multiple-control fuzzy vault

We introduce multiple-control fuzzy vaults allowing generalised threshold, compartmented and multilevel access structure. The presented schemes enable many useful applications employing multiple users and/or multiple locking sets. Introducing the original single control fuzzy vault of Juels and Sudan we identify several similarities and differences between their vault and secret sharing schemes which influence how best to obtain working generalisations. We design multiple-control fuzzy vaults suggesting applications using biometric credentials as locking and unlocking values. Furthermore we assess the security of our obtained generalisations for insider/ outsider attacks and examine the access-complexity for legitimate vault owners.

Using honeypots to analyse anomalous Internet activities

Monitoring Internet traffic is critical in order to acquire a good understanding of threats to computer and network security and in designing efficient computer security systems. Researchers and network administrators have applied several approaches to monitoring traffic for malicious content. These techniques include monitoring network components, aggregating IDS alerts, and monitoring unused IP address spaces. Another method for monitoring and analyzing malicious traffic, which has been widely tried and accepted, is the use of honeypots. Honeypots are very valuable security resources for gathering artefacts associated with a variety of Internet attack activities. As honeypots run no production services, any contact with them is considered potentially malicious or suspicious by definition. This unique characteristic of the honeypot reduces the amount of collected traffic and makes it a more valuable source of information than other existing techniques. Currently, there is insufficient research in the honeypot data analysis field. To date, most of the work on honeypots has been devoted to the design of new honeypots or optimizing the current ones. Approaches for analyzing data collected from honeypots, especially low-interaction honeypots, are presently immature, while analysis techniques are manual and focus mainly on identifying existing attacks. This research addresses the need for developing more advanced techniques for analyzing Internet traffic data collected from low-interaction honeypots. We believe that characterizing honeypot traffic will improve the security of networks and, if the honeypot data is handled in time, give early signs of new vulnerabilities or breakouts of new automated malicious codes, such as worms. The outcomes of this research include: • Identification of repeated use of attack tools and attack processes through grouping activities that exhibit similar packet inter-arrival time distributions using the cliquing algorithm; • Application of principal component analysis to detect the structure of attackers’ activities present in low-interaction honeypots and to visualize attackers’ behaviors; • Detection of new attacks in low-interaction honeypot traffic through the use of the principal component’s residual space and the square prediction error statistic; • Real-time detection of new attacks using recursive principal component analysis; • A proof of concept implementation for honeypot traffic analysis and real time monitoring.

One-time-password-authenticated key exchange

To reduce the damage of phishing and spyware attacks, banks, governments, and other security-sensitive industries are deploying one-time password systems, where users have many passwords and use each password only once. If a single password is compromised, it can be only be used to impersonate the user once, limiting the damage caused. However, existing practical approaches to one-time passwords have been susceptible to sophisticated phishing attacks. ---------- We give a formal security treatment of this important practical problem. We consider the use of one-time passwords in the context of password-authenticated key exchange (PAKE), which allows for mutual authentication, session key agreement, and resistance to phishing attacks. We describe a security model for the use of one-time passwords, explicitly considering the compromise of past (and future) one-time passwords, and show a general technique for building a secure one-time-PAKE protocol from any secure PAKE protocol. Our techniques also allow for the secure use of pseudorandomly generated and time-dependent passwords.