Detecting attacks in encrypted networks using secret-sharing schemes

Secret-sharing schemes describe methods to securely share a secret among a group of participants. A properly constructed secret-sharing scheme guarantees that the share belonging to one participant does not reveal anything about the shares of others or even the secret itself. Besides being used to distribute a secret, secret-sharing schemes have also been used in secure multi-party computations and redundant residue number systems for error correction codes. In this paper, we propose that the secret-sharing scheme be used as a primitive in a Network-based Intrusion Detection System (NIDS) to detect attacks in encrypted Networks. Encrypted networks such as Virtual Private Networks (VPNs) fully encrypt network traffic which can include both malicious and non-malicious traffic. Traditional NIDS cannot monitor such encrypted traffic. We therefore describe how our work uses a combination of Shamir's secret-sharing scheme and randomised network proxies to enable a traditional NIDS to function normally in a VPN environment.

Test and evaluation system for multi-protocol sampled value protection schemes

Proposed transmission smart grids will use a digital platform for the automation of substations operating at voltage levels of 110 kV and above. The IEC 61850 series of standards, released in parts over the last ten years, provide a specification for substation communications networks and systems. These standards, along with IEEE Std 1588-2008 Precision Time Protocol version 2 (PTPv2) for precision timing, are recommended by the both IEC Smart Grid Strategy Group and the NIST Framework and Roadmap for Smart Grid Interoperability Standards for substation automation. IEC 61850-8-1 and IEC 61850-9-2 provide an inter-operable solution to support multi-vendor digital process bus solutions, allowing for the removal of potentially lethal voltages and damaging currents from substation control rooms, a reduction in the amount of cabling required in substations, and facilitates the adoption of non-conventional instrument transformers (NCITs). IEC 61850, PTPv2 and Ethernet are three complementary protocol families that together define the future of sampled value digital process connections for smart substation automation. This paper describes a specific test and evaluation system that uses real time simulation, protection relays, PTPv2 time clocks and artificial network impairment that is being used to investigate technical impediments to the adoption of SV process bus systems by transmission utilities. Knowing the limits of a digital process bus, especially when sampled values and NCITs are included, will enable utilities to make informed decisions regarding the adoption of this technology.

Encryption schemes and key exchange protocols in the certificateless setting

The contributions of this thesis fall into three areas of certificateless cryptography. The first area is encryption, where we propose new constructions for both identity-based and certificateless cryptography. We construct an n-out-of- n group encryption scheme for identity-based cryptography that does not require any special means to generate the keys of the trusted authorities that are participating. We also introduce a new security definition for chosen ciphertext secure multi-key encryption. We prove that our construction is secure as long as at least one authority is uncompromised, and show that the existing constructions for chosen ciphertext security from identity-based encryption also hold in the group encryption case. We then consider certificateless encryption as the special case of 2-out-of-2 group encryption and give constructions for highly efficient certificateless schemes in the standard model. Among these is the first construction of a lattice-based certificateless encryption scheme. Our next contribution is a highly efficient certificateless key encapsulation mechanism (KEM), that we prove secure in the standard model. We introduce a new way of proving the security of certificateless schemes based that are based on identity-based schemes. We leave the identity-based part of the proof intact, and just extend it to cover the part that is introduced by the certificateless scheme. We show that our construction is more efficient than any instanciation of generic constructions for certificateless key encapsulation in the standard model. The third area where the thesis contributes to the advancement of certificateless cryptography is key agreement. Swanson showed that many certificateless key agreement schemes are insecure if considered in a reasonable security model. We propose the first provably secure certificateless key agreement schemes in the strongest model for certificateless key agreement. We extend Swanson's definition for certificateless key agreement and give more power to the adversary. Our new schemes are secure as long as each party has at least one uncompromised secret. Our first construction is in the random oracle model and gives the adversary slightly more capabilities than our second construction in the standard model. Interestingly, our standard model construction is as efficient as the random oracle model construction.

The legitimacy of graduated response schemes in copyright law

In an attempt to curb online copyright infringement, copyright owners are increasingly seeking to enlist the assistance of Internet Service Providers (‘ISPs’) to enforce copyright and impose sanctions on their users.1 Commonly termed ‘graduated response’ schemes, these measures generally require that the ISP take some action against users suspected of infringing copyright, ranging from issuing warnings, to collating allegations made against subscribers and reporting to copyright owners, to suspension and eventual termination of service.

Evaluating the benefits of public bicycle schemes needs to be undertaken carefully

A letter in response to an article by David Rojas-Rueda, Audrey de Nazelle, Marko Tainio, Mark J Nieuwenhuijsen, The health risks and benefits of cycling in urban environments compared with car use: health impact assessment study. BMJ 2011;343:doi:10.1136/bmj.d4521 (Published 4 August 2011) This paper sets out to compare the health benefits of the Bicing scheme (Barcelona's public bicycle share scheme) with possible risks associated with increased bicycle riding. The key variables used by the researchers include physical activity, exposure to air pollution and road traffic injury. The authors rightly identify that although traffic congestion is often a major motivator behind the establishment of public bicycle share schemes (PBSS), the health benefits may well be the largest single benefit of such schemes. Certainly PBSS appear to be one of the most effective methods of increasing the number of bicycle trips across a population, providing additional transport options and improving awareness of the possibilities bicycles offer urban transport systems. Overall, the paper is a useful addition to the literature, in that it has attempted to assess the health benefits of a large scale PBSS and weighed these against potential risks related to cyclists exposure to air pollution and road traffic injuries. Unfortunately a fundamentally flawed assumption related to the proportion of Bicing trips replacing car journeys invalidates the results of this paper. A future paper with up to date data would create a significant contribution to this emerging area within the field of sustainable transport.

An evaluation framework for assessing the impact of public bicycle share schemes

INTRODUCTION • Public bicycle share schemes have emerged as a method of increasing rates of bicycle riding. • The overwhelming majority of schemes have begun since 2005, taking advantage of various tracking and payment technologies making short term rental practical and affordable. • Very little research has been undertaken to determine their potentially broad impact on transport behaviour and consequently, it is difficult to understand the performance of these schemes in terms of reduced emissions and congestion, as well as possible increases in physical activity.

Disclosure of proxy voting information by Australian managed investment schemes

The US Securities and Exchange Comission requires registered management investment companies to disclose how they vote proxies relating to portfolio securities they hold. The primary purpose of this rule is to enable fund investors to monitor the role of institutional shareholders in the corporate governance practices of public companies. In Australia, despite reform proposals, there are no regulations requiring institutional investors to report proxy voting procedures and practises. There is little evidence of voluntary disclosure of proxy voting by Australian managed investment schemes in equities, indicating that there are costs involved in such disclosure.

The implementation of performance based planning in Queensland under the integrated planning act 1997 : an evaluation of perceptions and planning schemes

Performance based planning is a form of planning regulation that is not well understood and the theoretical advantages of this type of planning are rarely achieved in practice. Normatively, this type of regulation relies on performance standards that are quantifiable and technically based which are designed to manage the effects of development, where performance standards provide certainty in respect of the level of performance and the means of achievement is flexible. Few empirical studies have attempted to examine how performance based planning has been conceptualised and implemented in practice. Existing literature is predominately anecdotal and consultant based (Baker et al. 2006) and has not sought to quantitatively examine how land use has been managed or determine how context influences implementation. The Integrated Planning Act 1997 (IPA) operated as Queensland’s principal planning legislation between March 1998 and December 2009. The IPA prevented Local Governments from prohibiting development or use and the term zone was absent from the legislation. While the IPA did not use the term performance based planning, the system is widely considered to be performance based in practice (e.g. Baker et al. 2006; Steele 2009a, 2009b). However, the degree to which the IPA and the planning system in Queensland is performance based is debated (e.g. Yearbury 1998; England 2004). Four research questions guided the research framework using Queensland as the case study. The questions sought to: determine if there is a common understanding of performance based planning; identify how performance based planning was expressed under the IPA; understand how performance based planning was implemented in plans; and explore the experiences of participants in the planning system. The research developed a performance adoption spectrum. The spectrum describes how performance based planning is implemented, ranging between pure and hybrid interpretations. An ex-post evaluation of seventeen IPA plans sought to determine plan performativity within the conceptual spectrum. Land use was examined from the procedural dimension of performance (Assessment Tables) and the substantive dimension of performance (Codes). A documentary analysis and forty one interviews supplemented the research. The analytical framework considered how context influenced performance based planning, including whether: the location of the local government affected land use management techniques; temporal variation in implementation exists; plan-making guidelines affected implementation; different perceptions of the concept exist; this type of planning applies to a range of spatial scales. Outcomes were viewed as the medium for determining the acceptability of development in Queensland, a significant departure from pure approaches found in the United States. Interviews highlighted the absence of plan-making direction in the IPA, which contributed to the confusion about the intended direction of the planning system and the myth that the IPA would guarantee a performance based system. A hybridised form of performance based planning evolved in Queensland which was dependent on prescriptive land use zones and specification of land use type, with some local governments going to extreme lengths to discourage certain activities in a predetermined manner. Context had varying degrees of influence on plan-making methods. Decision-making was found to be inconsistent and the system created a range of unforeseen consequences including difficulties associated with land valuation, increased development speculation, and the role of planners in court was found to be less critical than in the previous planning system.

Stable strong order 1.0 schemes for solving stochastic ordinary differential equations

The Balanced method was introduced as a class of quasi-implicit methods, based upon the Euler-Maruyama scheme, for solving stiff stochastic differential equations. We extend the Balanced method to introduce a class of stable strong order 1. 0 numerical schemes for solving stochastic ordinary differential equations. We derive convergence results for this class of numerical schemes. We illustrate the asymptotic stability of this class of schemes is illustrated and is compared with contemporary schemes of strong order 1. 0. We present some evidence on parametric selection with respect to minimising the error convergence terms. Furthermore we provide a convergence result for general Balanced style schemes of higher orders.

Computationally sound automated proofs of cryptographic schemes

Proving security of cryptographic schemes, which normally are short algorithms, has been known to be time-consuming and easy to get wrong. Using computers to analyse their security can help to solve the problem. This thesis focuses on methods of using computers to verify security of such schemes in cryptographic models. The contributions of this thesis to automated security proofs of cryptographic schemes can be divided into two groups: indirect and direct techniques. Regarding indirect ones, we propose a technique to verify the security of public-key-based key exchange protocols. Security of such protocols has been able to be proved automatically using an existing tool, but in a noncryptographic model. We show that under some conditions, security in that non-cryptographic model implies security in a common cryptographic one, the Bellare-Rogaway model [11]. The implication enables one to use that existing tool, which was designed to work with a different type of model, in order to achieve security proofs of public-key-based key exchange protocols in a cryptographic model. For direct techniques, we have two contributions. The first is a tool to verify Diffie-Hellmanbased key exchange protocols. In that work, we design a simple programming language for specifying Diffie-Hellman-based key exchange algorithms. The language has a semantics based on a cryptographic model, the Bellare-Rogaway model [11]. From the semantics, we build a Hoare-style logic which allows us to reason about the security of a key exchange algorithm, specified as a pair of initiator and responder programs. The other contribution to the direct technique line is on automated proofs for computational indistinguishability. Unlike the two other contributions, this one does not treat a fixed class of protocols. We construct a generic formalism which allows one to model the security problem of a variety of classes of cryptographic schemes as the indistinguishability between two pieces of information. We also design and implement an algorithm for solving indistinguishability problems. Compared to the two other works, this one covers significantly more types of schemes, but consequently, it can verify only weaker forms of security.

Sustainable infrastructure operations : a review of assessment schemes and decision support

Infrastructure forms a vital component in supporting today’s way of life and has a significant role or impact on economic, environmental and social outcomes of the region around it. The design, construction and operation of such assets are a multi-billion dollar industry in Australia alone. Another issue that will play a major role in our way life is that of climate change and the greater concept of sustainability. With limited resources and a changing natural world it is necessary for infrastructure to be developed and maintained in a manner that is sustainable. In order to achieve infrastructure sustainability in operations it is necessary for there to be: a sustainability assessment scheme that provides a scientifically sound and realistic approach to measuring an assets level of sustainability; and, systems and tools to support the making of decisions that result in sustainable outcomes by providing feedback in a timely manner. Having these in place will then help drive the consideration of sustainability during the decision making process for infrastructure operations and maintenance. In this paper we provide two main contributions; a comparison and review of sustainability assessment schemes for infrastructure and their suitability for use in the operations phase; and, a review of decision support systems/tools in the area of infrastructure sustainability in operations. For this paper, sustainability covers not just the environment, but also finance/economic and societal/community aspects as well. This is often referred to as the Triple Bottom Line and forms one of the three dimensions of corporate sustainability [Stapledon, 2004].