922 results for secure protocal


Relevance:

10.00%

Publisher:

Abstract:

We propose a new protocol providing cryptographically secure authentication to unaided humans against passive adversaries. We also propose a new generic passive attack on human identification protocols. The attack is an application of Coppersmith’s baby-step giant-step algorithm on human identification protocols. Under this attack, the achievable security of some of the best candidates for human identification protocols in the literature is further reduced. We show that our protocol preserves similar usability while achieving better security than these protocols. A comprehensive security analysis is provided which suggests parameters guaranteeing desired levels of security.

Relevance:

10.00%

Publisher:

Abstract:

Secure multi-party computation (MPC) protocols enable a set of n mutually distrusting participants $P_1, \ldots, P_n$, each with their own private input $x_i$, to compute a function $Y = F(x_1, \ldots, x_n)$, such that at the end of the protocol, all participants learn the correct value of Y, while secrecy of the private inputs is maintained. Classical results in the unconditionally secure MPC indicate that in the presence of an active adversary, every function can be computed if and only if the number of corrupted participants, $t_a$, is smaller than n/3. Relaxing the requirement of perfect secrecy and utilizing broadcast channels, one can improve this bound to $t_a < n/2$. All existing MPC protocols assume that uncorrupted participants are truly honest, i.e., they are not even curious in learning other participants' secret inputs. Based on this assumption, some MPC protocols are designed in such a way that after elimination of all misbehaving participants, the remaining ones learn all information in the system. This is not consistent with maintaining privacy of the participant inputs. Furthermore, an improvement of the classical results given by Fitzi, Hirt, and Maurer indicates that in addition to $t_a$ actively corrupted participants, the adversary may simultaneously corrupt some participants passively. This is in contrast to the assumption that participants who are not corrupted by an active adversary are truly honest. This paper examines the privacy of MPC protocols, and introduces the notion of an omnipresent adversary, which cannot be eliminated from the protocol. The omnipresent adversary can be either a passive, an active or a mixed one. We assume that up to a minority of participants who are not corrupted by an active adversary can be corrupted passively, with the restriction that at any time, the number of corrupted participants does not exceed a predetermined threshold.
We will also show that the existence of a t-resilient protocol for a group of n participants implies the existence of a t’-private protocol for a group of n′ participants. That is, the elimination of misbehaving participants from a t-resilient protocol leads to the decomposition of the protocol. Our adversary model stipulates that an MPC protocol never operates with a set of truly honest participants (which is a more realistic scenario). Therefore, privacy of all participants who properly follow the protocol will be maintained. We present a novel disqualification protocol to avoid a loss of privacy of participants who properly follow the protocol.

Relevance:

10.00%

Publisher:

Abstract:

Implementation of an electronic tendering (e-tendering) system requires careful attention to the needs of the system and its various participants. Fairness in e-tendering is of utmost importance. Current proposals and implementations do not provide fairness and thus are vulnerable to collusion and favouritism. Dishonest participants, either the principal or tenderer, may collude to alter or view competing tenders, which would give the favoured tenderer a greater chance of winning the contract. This paper proposes an e-tendering system that is secure and fair to all participants. We employ the techniques of anonymous token system along with signed commitment approach to achieve a publicly verifiable fair e-tendering protocol. We also provide an analysis of the protocol that confirms the security of our proposal against security goals for an e-tendering system.

Relevance:

10.00%

Publisher:

Abstract:

Given the increased importance of adaptation debates in global climate negotiations, pressure to achieve biodiversity, food and water security through managed landscape-scale adaptation will likely increase across the globe over the coming decade. In parallel, emerging market-based, terrestrial greenhouse gas abatement programs present a real opportunity to secure such adaptation to climate change through enhanced landscape resilience. Australia has an opportunity to take advantage of such programs through regional planning aspects of its governance arrangements for NRM. This paper explores necessary reforms to Australia's regional NRM planning systems to ensure that they will be better able to direct the nation's emerging GGA programs to secure enhanced landscape adaptation. © 2013 Planning Institute Australia.

Relevance:

10.00%

Publisher:

Abstract:

In the current market, extensive software development is taking place and the software industry is thriving. Major software giants have stated source code theft as a major threat to revenues. By inserting an identity-establishing watermark in the source code, a company can prove its ownership over the source code. In this paper, we propose a watermarking scheme for C/C++ source codes by exploiting the language restrictions. If a function calls another function, the latter needs to be defined in the code before the former, unless one uses function pre-declarations. We embed the watermark in the code by imposing an ordering on the mutually independent functions by introducing bogus dependency. Removal of dependency by the attacker to erase the watermark requires extensive manual intervention, thereby making the attack infeasible. The scheme is also secure against subtractive and additive attacks. Using our watermarking scheme, an n-bit watermark can be embedded in a program having n independent functions. The scheme is implemented on several sample codes and performance changes are analyzed.

Relevance:

10.00%

Publisher:

Abstract:

Database watermarking has received significant research attention in the current decade. However, almost all watermarking models have been either irreversible (the original relation cannot be restored from the watermarked relation) and/or non-blind (requiring original relation to detect the watermark in watermarked relation). This model has several disadvantages over reversible and blind watermarking (requiring only watermarked relation and secret key from which the watermark is detected and original relation is restored) including inability to identify rightful owner in case of successful secondary watermarking, inability to revert the relation to original data set (required in high precision industries) and requirement to store unmarked relation at a secure secondary storage. To overcome these problems, we propose a watermarking scheme that is reversible as well as blind. We utilize difference expansion on integers to achieve reversibility. The major advantages provided by our scheme are reversibility to high quality original data set, rightful owner identification, resistance against secondary watermarking attacks, and no need to store original database at a secure secondary storage.

Relevance:

10.00%

Publisher:

Abstract:

We present efficient protocols for private set disjointness tests. We start from an intuition of our protocols that applies Sylvester matrices. Unfortunately, this simple construction is insecure as it reveals information about the cardinality of the intersection. More specifically, it discloses its lower bound. By using the Lagrange interpolation we provide a protocol for the honest-but-curious case without revealing any additional information. Finally, we describe a protocol that is secure against malicious adversaries. The protocol applies a verification test to detect misbehaving participants. Both protocols require O(1) rounds of communication. Our protocols are more efficient than the previous protocols in terms of communication and computation overhead. Unlike previous protocols whose security relies on computational assumptions, our protocols provide information theoretic security. To our knowledge, our protocols are the first ones that have been designed without a generic secure function evaluation. More importantly, they are the most efficient protocols for private disjointness tests for the malicious adversary case.

Relevance:

10.00%

Publisher:

Abstract:

Motivated by the need of private set operations in a distributed environment, we extend the two-party private matching problem proposed by Freedman, Nissim and Pinkas (FNP) at Eurocrypt’04 to the distributed setting. By using a secret sharing scheme, we provide a distributed solution of the FNP private matching called the distributed private matching. In our distributed private matching scheme, we use a polynomial to represent one party’s dataset as in FNP and then distribute the polynomial to multiple servers. We extend our solution to the distributed set intersection and the cardinality of the intersection, and further we show how to apply the distributed private matching in order to compute distributed subset relation. Our work extends the primitives of private matching and set intersection by Freedman et al. Our distributed construction might be of great value when the dataset is outsourced and its privacy is the main concern. In such cases, our distributed solutions keep the utility of those set operations while the dataset privacy is not compromised. Compared with previous works, we achieve a more efficient solution in terms of computation. All protocols constructed in this paper are provably secure against a semi-honest adversary under the Decisional Diffie-Hellman assumption.

Relevance:

10.00%

Publisher:

Abstract:

We consider the following problem: users of an organization wish to outsource the storage of sensitive data to a large database server. It is assumed that the server storing the data is untrusted, so the data stored have to be encrypted. We further suppose that the manager of the organization has the right to access all data, but a member of the organization cannot access any data alone. The member must collaborate with other members to search for the desired data. In this paper, we investigate the notion of threshold privacy preserving keyword search (TPPKS) and define its security requirements. We construct a TPPKS scheme and show the proof of security under the assumptions of intractability of discrete logarithm, decisional Diffie-Hellman and computational Diffie-Hellman problems.

Relevance:

10.00%

Publisher:

Abstract:

Security models for two-party authenticated key exchange (AKE) protocols have developed over time to provide security even when the adversary learns certain secret keys. In this work, we advance the modelling of AKE protocols by considering more granular, continuous leakage of long-term secrets of protocol participants: the adversary can adaptively request arbitrary leakage of long-term secrets even after the test session is activated, with limits on the amount of leakage per query but no bounds on the total leakage. We present a security model supporting continuous leakage even when the adversary learns certain ephemeral secrets or session keys, and give a generic construction of a two-pass leakage-resilient key exchange protocol that is secure in the model; our protocol achieves continuous, after-the-fact leakage resilience with not much more cost than a previous protocol with only bounded, non-after-the-fact leakage.

Relevance:

10.00%

Publisher:

Abstract:

A key derivation function (KDF) is a function that transforms secret non-uniformly random source material together with some public strings into one or more cryptographic keys. These cryptographic keys are used with a cryptographic algorithm for protecting electronic data during both transmission over insecure channels and storage. In this thesis, we propose a new method for constructing a generic stream cipher based key derivation function. We show that our proposed key derivation function based on stream ciphers is secure if the underlying stream cipher is secure. We simulate instances of this stream cipher based key derivation function using three eStream finalists: Trivium, Sosemanuk and Rabbit. The simulation results show these stream cipher based key derivation functions offer efficiency advantages over the more commonly used key derivation functions based on block ciphers and hash functions.

Relevance:

10.00%

Publisher:

Abstract:

Voluntary and compliance markets for forest carbon and other (emission avoidance and biosequestration) activities are growing internationally and across Australia. Queensland and its Natural Resource Management (NRM) regions have an opportunity to take a variety of actions to help guide these markets to secure multiple landscape benefits and to build landscape resilience in the face of climate change. As the national arrangements for offsets within Australia’s Clean Energy Package (CEP) and emissions trading environment emerge, Queensland’s regions can prepare themselves and their landholding communities to take advantage of these opportunities to deliver improved climate resilience in their regional landscapes.

Relevance:

10.00%

Publisher:

Abstract:

Regional and remote communities in tropical Queensland are among Australia’s most vulnerable in the face of climate change. At the same time, these socially and economically vulnerable regions house some of Australia’s most significant biodiversity values. Past approaches to terrestrial biodiversity management have focused on tackling biophysical interventions through the use of biophysical knowledge. An equally important focus should be placed on building regional-scale community resilience if some of the worst biodiversity impacts of climate change are to be avoided or mitigated. Despite its critical need, more systemic or holistic approaches to natural resource management have been rarely trialed and tested in a structured way. Currently, most strategic interventions in improving regional community resilience are ad hoc, not theory-based and short term. Past planning approaches have not been durable, nor have they been well informed by clear indicators. Research into indicators for community resilience has been poorly integrated within adaptive planning and management cycles. This project has aimed to resolve this problem by: * Reviewing the community and social resilience and adaptive planning literature to reconceptualise an improved framework for applying community resilience concepts; * Harvesting and extending work undertaken in MTSRF Phase 1 to identify the learnings emerging from past MTSRF research; * Distilling these findings to identify new theoretical and practical approaches to the application of community resilience in natural resource use and management; * Reconsidering the potential interplay between a region’s biophysical and social planning processes, with a focus on exploring spatial tools to communicate climate change risk and its consequent environmental, economic and social impacts, and; * Trialling new approaches to indicator development and adaptive planning to improve community resilience, using a sub-regional pilot in the Wet Tropics.
In doing so, we also looked at ways to improve the use and application of relevant spatial information. Our theoretical review drew upon the community development, psychology and emergency management literature to better frame the concept of community resilience relative to aligned concepts of social resilience, vulnerability and adaptive capacity. Firstly, we consider community resilience as a concept that can be considered at a range of scales (e.g. regional, locality, communities of interest, etc.). We also consider that overall resilience at higher scales will be influenced by resilience levels at lesser scales (inclusive of the resilience of constituent institutions, families and individuals). We illustrate that, at any scale, resilience and vulnerability are not necessarily polar opposites, and that some understanding of vulnerability is important in determining resilience. We position social resilience (a concept focused on the social characteristics of communities and individuals) as an important attribute of community resilience, but one that needs to be considered alongside economic, natural resource, capacity-based and governance attributes. The findings from the review of theory and MTSRF Phase 1 projects were synthesized and refined by the wider project team. Five predominant themes were distilled from this literature, research review and an expert analysis. They include the findings that: 1. Indicators have most value within an integrated and adaptive planning context, requiring an active co-research relationship between community resilience planners, managers and researchers if real change is to be secured; 2. Indicators of community resilience form the basis for planning for social assets and the resilience of social assets is directly related to the longer term resilience of natural assets.
This encourages and indeed requires the explicit development and integration of social planning within a broader natural resource planning and management framework; 3. Past indicator research and application has not provided a broad picture of the key attributes of community resilience and there have been many attempts to elicit lists of “perfect” indicators that may never be useful within the time and resource limitations of real world regional planning and management. We consider that modeling resilience for proactive planning and prediction purposes requires the consideration of simple but integrated clusters of attributes; 4. Depending on time and resources available for planning and management, the combined use of well suited indicators and/or other lesser “lines of evidence” is more flexible than the pursuit of perfect indicators, and that; 5. Index-based, collaborative and participatory approaches need to be applied to the development, refinement and reporting of indicators over longer time frames. We trialed the practical application of these concepts via the establishment of a collaborative regional alliance of planners and managers involved in the development of climate change adaptation strategies across tropical Queensland (the Gulf, Wet Tropics, Cape York and Torres Strait sub-regions). A focus on the Wet Tropics as a pilot sub-region enabled other Far North Queensland sub-regions to participate and explore the potential extension of this approach. The pilot activities included: * Further exploring ways to innovatively communicate the region’s likely climate change scenarios and possible environmental, economic and social impacts.
We particularly looked at using spatial tools to overlay climate change risks to geographic communities and social vulnerabilities within those communities; * Developing a cohesive first pass of a State of the Region-style approach to reporting community resilience, inclusive of regional economic viability, community vitality, capacity-based and governance attributes. This framework integrated a literature review, expert (academic and community) and alliance-based contributions; and * Early consideration of critical strategies that need to be included in unfolding regional planning activities with Far North Queensland. The pilot assessment finds that rural, indigenous and some urban populations in the Wet Tropics are highly vulnerable and sensitive to climate change and may require substantial support to adapt and become more resilient. This assessment finds that under current conditions (i.e. if significant adaptation actions are not taken) the Wet Tropics as a whole may be seriously impacted by the most significant features of climate change and extreme climatic events. Without early and substantive action, this could result in declining social and economic wellbeing and natural resource health. Of the four attributes we consider important to understanding community resilience, the Wet Tropics region is particularly vulnerable in two areas; specifically its economic vitality and knowledge, aspirations and capacity. The third and fourth attributes, community vitality and institutional governance are relatively resilient but are vulnerable in some key respects. In regard to all four of these attributes, however, there is some emerging capacity to manage the possible shocks that may be associated with the impacts of climate change and extreme climatic events. This capacity needs to be carefully fostered and further developed to achieve broader community resilience outcomes.
There is an immediate need to build individual, household, community and sectoral resilience across all four attribute groups to enable populations and communities in the Wet Tropics region to adapt in the face of climate change. Preliminary strategies of importance to improve regional community resilience have been identified. These emerging strategies also have been integrated into the emerging Regional Development Australia Roadmap, and this will ensure that effective implementation will be progressed and coordinated. They will also inform emerging strategy development to secure implementation of the FNQ 2031 Regional Plan. Of most significance in our view, this project has taken a co-research approach from the outset with explicit and direct importance and influence within the region’s formal planning and management arrangements. As such, the research: * Now forms the foundations of the first attempt at “Social Asset” planning within the Wet Tropics Regional NRM Plan review; * Is assisting Local government at regional scale to consider aspects of climate change adaptation in emerging planning scheme/community planning processes; * Has partnered the State government (via the Department of Infrastructure and Planning and Regional Managers Coordination Network Chair) in progressing the Climate Change adaptation agenda set down within the FNQ 2031 Regional Plan; * Is informing new approaches to report on community resilience within the GBRMPA Outlook reporting framework; and * Now forms the foundation for the region’s wider climate change adaptation priorities in the Regional Roadmap developed by Regional Development Australia. Through the auspices of Regional Development Australia, the outcomes of the research will now inform emerging negotiations concerning a wider package of climate change adaptation priorities with State and Federal governments. 
Next stage research priorities are also being developed to enable an ongoing alliance between researchers and the region’s climate change response.

Relevance:

10.00%

Publisher:

Abstract:

We present a text watermarking scheme that embeds a bitstream watermark Wi in a text document P preserving the meaning, context, and flow of the document. The document is viewed as a set of paragraphs, each paragraph being a set of sentences. The sequence of paragraphs and sentences used to embed watermark bits is permuted using a secret key. Then, English language sentence transformations are used to modify sentence lengths, thus embedding watermarking bits in the Least Significant Bits (LSB) of the sentences’ cardinalities. The embedding and extracting algorithms are public, while the secrecy and security of the watermark depend on a secret key K. The probability of False Positives is extremely small, hence avoiding incidental occurrences of our watermark in random text documents. Majority voting provides security against text addition, deletion, and swapping attacks, further reducing the probability of False Positives. The scheme is secure against the general attacks on text watermarks such as reproduction (photocopying, FAX), reformatting, synonym substitution, text addition, text deletion, text swapping, paragraph shuffling and collusion attacks.

Relevance:

10.00%

Publisher:

Abstract:

To provide card holder authentication while they are conducting an electronic transaction using mobile devices, VISA and MasterCard independently proposed two electronic payment protocols: Visa 3D Secure and MasterCard Secure Code. The protocols use pre-registered passwords to provide card holder authentication and Secure Socket Layer/Transport Layer Security (SSL/TLS) for data confidentiality over wired networks and Wireless Transport Layer Security (WTLS) between a wireless device and a Wireless Application Protocol (WAP) gateway. The paper presents our analysis of security properties in the proposed protocols using formal method tools: Casper and FDR2. We also highlight issues concerning payment security in the proposed protocols.