Not like my mother : truth and the author in creative nonfiction

This exegesis examines how a writer can effectively negotiate the relationship between author, character, fact and truth, in a work of Creative Nonfiction. It was found that individual truths, in a work of Creative Nonfiction, are not necessarily universal truths due to individual, cultural, historical and religious circumstances. What was also identified, through the examination of published Creative Nonfiction, is a necessity to ensure there are clear demarcation lines between authorial truth and fiction. The Creative Nonfiction works examined, which established this framework for the reader, ensured an ethical relationship between author and audience. These strategies and frameworks were then applied to my own Creative Nonfiction.

Electronic workplace surveillance and employee privacy : a comparative analysis of privacy protection in Australia and the United States

More than a century ago in their definitive work “The Right to Privacy” Samuel D. Warren and Louis D. Brandeis highlighted the challenges posed to individual privacy by advancing technology. Today’s workplace is characterised by its reliance on computer technology, particularly the use of email and the Internet to perform critical business functions. Increasingly these and other workplace activities are the focus of monitoring by employers. There is little formal regulation of electronic monitoring in Australian or United States workplaces. Without reasonable limits or controls, this has the potential to adversely affect employees’ privacy rights. Australia has a history of legislating to protect privacy rights, whereas the United States has relied on a combination of constitutional guarantees, federal and state statutes, and the common law. This thesis examines a number of existing and proposed statutory and other workplace privacy laws in Australia and the United States. The analysis demonstrates that existing measures fail to adequately regulate monitoring or provide employees with suitable remedies where unjustifiable intrusions occur. The thesis ultimately supports the view that enacting uniform legislation at the national level provides a more effective and comprehensive solution for both employers and employees. Chapter One provides a general introduction and briefly discusses issues relevant to electronic monitoring in the workplace. Chapter Two contains an overview of privacy law as it relates to electronic monitoring in Australian and United States workplaces. In Chapter Three there is an examination of the complaint process and remedies available to a hypothetical employee (Mary) who is concerned about protecting her privacy rights at work. Chapter Four provides an analysis of the major themes emerging from the research, and also discusses the draft national uniform legislation. Chapter Five details the proposed legislation in the form of the Workplace Surveillance and Monitoring Act, and Chapter Six contains the conclusion.

Improved cryptanalysis of the Common Scrambling Algorithm Stream Cipher

This paper provides a fresh analysis of the widely-used Common Scrambling Algorithm Stream Cipher (CSA-SC). Firstly, a new representation of CSA-SC with a state size of only 89 bits is given, a significant reduction from the 103 bit state of a previous CSA-SC representation. Analysis of this 89-bit representation demonstrates that the basis of a previous guess-and-determine attack is flawed. Correcting this flaw increases the complexity of that attack so that it is worse than exhaustive key search. Although that attack is not feasible, the reduced state size of our representation makes it obvious that CSA-SC is vulnerable to several generic attacks, for which feasible parameters are given.

Privacy and security in open and trusted health information systems

The Open and Trusted Health Information Systems (OTHIS) Research Group has formed in response to the health sector’s privacy and security requirements for contemporary Health Information Systems (HIS). Due to recent research developments in trusted computing concepts, it is now both timely and desirable to move electronic HIS towards privacy-aware and security-aware applications. We introduce the OTHIS architecture in this paper. This scheme proposes a feasible and sustainable solution to meeting real-world application security demands using commercial off-the-shelf systems and commodity hardware and software products.

Characterising anomalous events using change point correlation on unsolicited network traffic

Monitoring unused or dark IP addresses offers opportunities to extract useful information about both on-going and new attack patterns. In recent years, different techniques have been used to analyze such traffic including sequential analysis where a change in traffic behavior, for example change in mean, is used as an indication of malicious activity. Change points themselves say little about detected change; further data processing is necessary for the extraction of useful information and to identify the exact cause of the detected change which is limited due to the size and nature of observed traffic. In this paper, we address the problem of analyzing a large volume of such traffic by correlating change points identified in different traffic parameters. The significance of the proposed technique is two-fold. Firstly, automatic extraction of information related to change points by correlating change points detected across multiple traffic parameters. Secondly, validation of the detected change point by the simultaneous presence of another change point in a different parameter. Using a real network trace collected from unused IP addresses, we demonstrate that the proposed technique enables us to not only validate the change point but also extract useful information about the causes of change points.

AITPM Email Newsletter Volume 0905, May 2009: Presidents Message

President’s Message Hello fellow AITPM members, We’ve been offered a lot of press lately about the Federal Government’s plan for the multibillion dollar rollout of its high speed broadband network, which at the moment is being rated to a speed of 100Mb/s. This seems fantastic in comparison to the not atypical 250 to 500kb/s that I receive on my metropolitan cable broadband, which incidentally my service provider rates at theoretical speeds of up to 8 Mb/s. I have no doubt that such a scheme will generate significant advantages to business and consumers. However, I also have some reservations. Only a few of years ago I marvelled at my first 256Mb USB stick, which cost my employer about $90. Last month I purchased a 16Gb stick with a free computer carry bag for $80, which on the back of my envelope has given me about 72 times the value of my first USB stick not including the carry bag! I am pretty sure the technology industry will find a way to eventually push a lot more than 100Mb/s down the optic fibre network just as they have done with pushing several Mb/s ADSL2 down antique copper wire. This makes me wonder about the general problem of inbuilt obsolescence of all things high-tech due to rapid advances in the tech industry. As a transport professional I then think to myself that our industry has been moving forward at somewhat of a slower pace. We certainly have had major milestones having significant impacts, such as the move from horse and cart to the self propelled motor vehicle, sealing and formal geometric design of roads, development of motorways, signalisation of intersections, coordination of networks, to simulation modelling for real time adaptive control (perhaps major change has been at a frequency of 30 years or so?). But now with ITS truly penetrating the transport market, largely thanks to the in-car GPS navigator, smart phone, e-toll and e-ticket, I believe that to avoid our own obsolescence we’re going to need to “plan for ITS” rather than just what we seem to have been doing up until now, that is, to get it out there. And we’ll likely need to do it at a faster pace. It will involve understanding how to data mine enormous data sets, better understanding the human/machine interface, keeping pace with automotive technology more closely, resolving the ethical and privacy chestnuts, and in the main actually planning for ITS to make peoples’ lives easier rather than harder. And in amongst this we’ll need to keep pace with the types of technology advances similar to my USB stick example above. All the while we’ll be making a brand new set of friends in the disciplines that will morph into ITS along with us. Hopefully these will all be “good” problems for our profession to have. I should close in reminding everyone again that AITPM’s flagship event, the 2009 AITPM National Conference, Traffic Beyond Tomorrow, is being held in Adelaide from 5 to 7 August. www.aitpm.com has all of the details about how to register, sponsor a booth, session, etc. Best regards all, Jon Bunker

Using SITDRM for Privacy Rights Management

SITDRM 1 is a privacy protection system that protects private data through the enforcement of MPEG REL licenses provided by consumers. Direct issuing of licenses by consumers has several usability problems that will be mentioned in this paper. Further, we will describe how SITDRM incorporates P3P language to provide a consumer-centered privacy protection system.

Who is publishing in the Journal of Sociology? an analysis of author trends 1965–2008

This paper presents the author characteristics of papers published in The Australian Sociological Association (TASA) journal, the Journal of Sociology (formerly the Australian and New Zealand Journal of Sociology) between 1965 and 2008. The aim of the paper is empirically to identify trends in authorship. The review examines all articles published in the period (excluding book reviews). The rationale of the study is to reveal trends in who publishes in the journal in terms of authors’ academic rank, gender, institution, and country. A table of those who have published the greatest number of papers is also presented. Findings show that over time the gap between the proportion of males and females publishing has closed; more PhD students and research fellows are publishing in the journal in recent decades; the highest proportion of authors consistently come from the Australian National University and The University of Queensland; and most authors are located in Australia. Information such as this can inform editorial practices and serve to inform the membership and readership on the nature of the journal.

Efficient one-round key exchange in the standard model

We consider one-round key exchange protocols secure in the standard model. The security analysis uses the powerful security model of Canetti and Krawczyk and a natural extension of it to the ID-based setting. It is shown how KEMs can be used in a generic way to obtain two different protocol designs with progressively stronger security guarantees. A detailed analysis of the performance of the protocols is included; surprisingly, when instantiated with specific KEM constructions, the resulting protocols are competitive with the best previous schemes that have proofs only in the random oracle model.

Modeling and Verification of Privacy Enhancing Protocols

Privacy enhancing protocols (PEPs) are a family of protocols that allow secure exchange and management of sensitive user information. They are important in preserving users’ privacy in today’s open environment. Proof of the correctness of PEPs is necessary before they can be deployed. However, the traditional provable security approach, though well established for verifying cryptographic primitives, is not applicable to PEPs. We apply the formal method of Coloured Petri Nets (CPNs) to construct an executable specification of a representative PEP, namely the Private Information Escrow Bound to Multiple Conditions Protocol (PIEMCP). Formal semantics of the CPN specification allow us to reason about various security properties of PIEMCP using state space analysis techniques. This investigation provides us with preliminary insights for modeling and verification of PEPs in general, demonstrating the benefit of applying the CPN-based formal approach to proving the correctness of PEPs.

One-time-password-authenticated key exchange

To reduce the damage of phishing and spyware attacks, banks, governments, and other security-sensitive industries are deploying one-time password systems, where users have many passwords and use each password only once. If a single password is compromised, it can be only be used to impersonate the user once, limiting the damage caused. However, existing practical approaches to one-time passwords have been susceptible to sophisticated phishing attacks. ---------- We give a formal security treatment of this important practical problem. We consider the use of one-time passwords in the context of password-authenticated key exchange (PAKE), which allows for mutual authentication, session key agreement, and resistance to phishing attacks. We describe a security model for the use of one-time passwords, explicitly considering the compromise of past (and future) one-time passwords, and show a general technique for building a secure one-time-PAKE protocol from any secure PAKE protocol. Our techniques also allow for the secure use of pseudorandomly generated and time-dependent passwords.

Predicate-based key exchange

We provide the first description of and security model for authenticated key exchange protocols with predicate-based authentication. In addition to the standard goal of session key security, our security model also provides for credential privacy: a participating party learns nothing more about the other party's credentials than whether they satisfy the given predicate. Our model also encompasses attribute-based key exchange since it is a special case of predicate-based key exchange.---------- We demonstrate how to realize a secure predicate-based key exchange protocol by combining any secure predicate-based signature scheme with the basic Diffie-Hellman key exchange protocol, providing an efficient and simple solution.

Fraud detection in ERP systems using scenario matching

ERP systems generally implement controls to prevent certain common kinds of fraud. In addition however, there is an imperative need for detection of more sophisticated patterns of fraudulent activity as evidenced by the legal requirement for company audits and the common incidence of fraud. This paper describes the design and implementation of a framework for detecting patterns of fraudulent activity in ERP systems. We include the description of six fraud scenarios and the process of specifying and detecting the occurrence of those scenarios in ERP user log data using the prototype software which we have developed. The test results for detecting these scenarios in log data have been verified and confirm the success of our approach which can be generalized to ERP systems in general.