Encryption schemes and key exchange protocols in the certificateless setting

The contributions of this thesis fall into three areas of certificateless cryptography. The first area is encryption, where we propose new constructions for both identity-based and certificateless cryptography. We construct an n-out-of- n group encryption scheme for identity-based cryptography that does not require any special means to generate the keys of the trusted authorities that are participating. We also introduce a new security definition for chosen ciphertext secure multi-key encryption. We prove that our construction is secure as long as at least one authority is uncompromised, and show that the existing constructions for chosen ciphertext security from identity-based encryption also hold in the group encryption case. We then consider certificateless encryption as the special case of 2-out-of-2 group encryption and give constructions for highly efficient certificateless schemes in the standard model. Among these is the first construction of a lattice-based certificateless encryption scheme. Our next contribution is a highly efficient certificateless key encapsulation mechanism (KEM), that we prove secure in the standard model. We introduce a new way of proving the security of certificateless schemes based that are based on identity-based schemes. We leave the identity-based part of the proof intact, and just extend it to cover the part that is introduced by the certificateless scheme. We show that our construction is more efficient than any instanciation of generic constructions for certificateless key encapsulation in the standard model. The third area where the thesis contributes to the advancement of certificateless cryptography is key agreement. Swanson showed that many certificateless key agreement schemes are insecure if considered in a reasonable security model. We propose the first provably secure certificateless key agreement schemes in the strongest model for certificateless key agreement. We extend Swanson's definition for certificateless key agreement and give more power to the adversary. Our new schemes are secure as long as each party has at least one uncompromised secret. Our first construction is in the random oracle model and gives the adversary slightly more capabilities than our second construction in the standard model. Interestingly, our standard model construction is as efficient as the random oracle model construction.

Effect of biochar amendment on the soil-atmosphere exchange of greenhouse gases from an intensive subtropical pasture in northern New South Wales, Australia

We assessed the effect of biochar incorporation into the soil on the soil-atmosphere exchange of the greenhouse gases (GHG) from an intensive subtropical pasture. For this, we measured N2O, CH4 and CO2 emissions with high temporal resolution from April to June 2009 in an existing factorial experiment where cattle feedlot biochar had been applied at 10 t ha-1 in November 2006. Over the whole measurement period, significant emissions of N2O and CO2 were observed, whereas a net uptake of CH4 was measured. N2O emissions were found to be highly episodic with one major emission pulse (up to 502 µg N2O-N m-2 h 1) following heavy rainfall. There was no significant difference in the net flux of GHGs from the biochar amended vs. the control plots. Our results demonstrate that intensively managed subtropical pastures on ferrosols in northern New South Wales of Australia can be a significant source of GHG. Our hypothesis that the application of biochar would lead to a reduction in emissions of GHG from soils was not supported in this field assessment. Additional studies with longer observation periods are needed to clarify the long term effect of biochar amendment on soil microbial processes and the emission of GHGs under field conditions.

Building on the past for the future : assessment for learning as a field of exchange

Standardised testing does not recognise the creativity and skills of marginalised youth. This paper presents the development of an innovative approach to assessment designed for the re-engagement of at risk youth who have left formal schooling and are now in an alternative education institution. An electronic portfolio system (EPS) has been developed to capture, record and build on the broad range of students’ cultural and social capital. The assessment as a field of exchange model draws on categories from sociological fields of capital and reconceptualises an eportfolio and social networking hybrid system as a sociocultural zone of learning and development. The EPS, and assessment for learning more generally, are conceptualised as social fields for the exchange of capital (Bourdieu 1977, 1990). The research is underpinned by a sociocultural theoretical perspective that focuses on how students and teachers at the Flexible Learning Centre (FLC) develop and learn, within the zone of proximal development (Vygotsky, 1978). The EPS is seen to be highly effective in the engagement and social interaction between students, teachers and institutions. It is argued throughout this paper that the EPS provides a structurally identifiable space, an arena of social activity, or a field of exchange. The students, teachers and the FLC within this field are producing cultural capital exchanges. The term efield (exchange field) has been coined to refer to this constructed abstract space. Initial results from the trial show a general tendency towards engagement with the EPS and potential for the attainment of socially valued cultural capital in the form of school credentials.

The impact of the Malaysian code on corporate governance: compliance, institutional investors and stock performance

In 2001, the Malaysian Code on Corporate Governance (MCCG) became an integral part of the Bursa Malaysia Listing Rules, which requires all listed firms to disclose the extent of compliance with the MCCG. Our panel analysis of 440 firms from 1999 to 2002 finds that corporate governance reform in Malaysia has been successful, with a significant improvement in governance practices. The relationship between ownership by the Employees Provident Fund (EPF) and corporate governance has strengthened during the period subsequent to the reform, in line with the lead role taken by the EPF in establishing the Minority Shareholders Watchdog Group. The implementation of MCCG has had a substantial effect on shareholders' wealth, increasing stock prices by an average of about 4.8%. Although there is no evidence that politically connected firms perform better, political connections do have a significantly negative effect on corporate governance, which is mitigated by institutional ownership.

Exchange design patterns for electronic intermediairies

Intermediaries have introduced electronic services with varying success. One of the problems an intermediary faces is deciding what kind of exchange service it should offer to its customers and suppliers. For example, should it only provide a catalogue or should it also enable customers to order products? Developing the right exchange design is a complex undertaking because of the many design options on the one hand and the interests of multiple actors to be considered on the other. This is far more difficult than simple prescriptions like ‘creating a win-win situation’ suggest. We address this problem by developing design patterns for the exchanges between customers, intermediary, and suppliers related to role, linkage, transparency, and ovelty choices. For developing these design patterns, we studied four distinct electronic intermediaries and dentified exchange design choices that require trade-offs relating to the interests of customers, intermediary, and suppliers. The exchange design patterns contribute to the development of design theory for electronic intermediaries by filling a gap between basic business models and detailed business process designs.

Room ventilation and the risk of airborne infection transmission in three health care settings within a large teaching hospital

Background: Room ventilation is a key determinant of airborne disease transmission. Despite this, ventilation guidelines in hospitals are not founded on robust scientific evidence related to prevention of airborne transmission. Methods: We sought to assess the effect of ventilation rates on influenza, tuberculosis (TB) and rhinovirus infection risk within three distinct rooms in a major urban hospital; a Lung Function Laboratory, Emergency Department (ED) Negative-pressure Isolation Room and an Outpatient Consultation Room were investigated. Air exchange rate measurements were performed in each room using CO2 as a tracer. Gammaitoni and Nucci’s model was employed to estimate infection risk. Results: Current outdoor air exchange rates in the Lung Function Laboratory and ED Isolation Room limited infection risks to between 0.1 and 3.6%. Influenza risk for individuals entering an Outpatient Consultation Room after an infectious individual departed ranged from 3.6 to 20.7%, depending on the duration for which each person occupied the room. Conclusions: Given the absence of definitive ventilation guidelines for hospitals, air exchange measurements combined with modelling afford a useful means of assessing, on a case-by-case basis, the suitability of room ventilation at preventing airborne disease transmission.

On forward secrecy in one-round key exchange

Most one-round key exchange protocols provide only weak forward secrecy at best. Furthermore, one-round protocols with strong forward secrecy often break badly when faced with an adversary who can obtain ephemeral keys. We provide a characterisation of how strong forward secrecy can be achieved in one-round key exchange. Moreover, we show that protocols exist which provide strong forward secrecy and remain secure with weak forward secrecy even when the adversary is allowed to obtain ephemeral keys. We provide a compiler to achieve this for any existing secure protocol with weak forward secrecy.

Taking stock of temporary organizational forms : a systematic review and research agenda

This paper brings together the research on temporary organizational forms. Despite a recent surge in publications on this topic, there have been few attempts to integrate knowledge on what we know of such temporary forms of organization. In order to correct this, an integrative framework is proposed around four central themes: time, team, task and context. Within each of these themes, the paper offers an overview of the literature, the gaps in what we know, and what future directions might be taken by scholars hoping to contribute to this important and rapidly growing field.

The exchange: an experiment in environmentally sustainable urban practice for a subtropical climate

The exchange pavilion offers a dialogue between two Expositions: 1998 in Brisbane and 2010 in Shanghai; and a chance to examine the impact that climate change will have on urban best practice outcomes in cities of the future. The Exchange exhibits the proposition that environmentally sustainable buildings need to interact responsively with a range of technical innovations to enable communities (and hence cities) to control and better manage their immediate environment. The 'Exchange' pavilion is a design experiment that integrates 3 key research elements: * An interactive digital exchange * A living green system wall (vertical and temporal) * A public urban star (horizontal and spatial) The proposition argues that the environmentally sustainability of any city is reliant on harnessing the full spectrum of intellectual and creative capital of the winder community (from universities to Government bodies to citizens) - a true knowledge city.

Towards a provably secure DoS-Resilient key exchange protocol with perfect forward secrecy

Just Fast Keying (JFK) is a simple, efficient and secure key exchange protocol proposed by Aiello et al. (ACM TISSEC, 2004). JFK is well known for its novel design features, notably its resistance to denial-of-service (DoS) attacks. Using Meadows’ cost-based framework, we identify a new DoS vulnerability in JFK. The JFK protocol is claimed secure in the Canetti-Krawczyk model under the Decisional Diffie-Hellman (DDH) assumption. We show that security of the JFK protocol, when reusing ephemeral Diffie-Hellman keys, appears to require the Gap Diffie-Hellman (GDH) assumption in the random oracle model. We propose a new variant of JFK that avoids the identified DoS vulnerability and provides perfect forward secrecy even under the DDH assumption, achieving the full security promised by the JFK protocol.

Modeling key compromise impersonation attacks on group key exchange protocols

Two-party key exchange (2PKE) protocols have been rigorously analyzed under various models considering different adversarial actions. However, the analysis of group key exchange (GKE) protocols has not been as extensive as that of 2PKE protocols. Particularly, an important security attribute called key compromise impersonation (KCI) resilience has been completely ignored for the case of GKE protocols. Informally, a protocol is said to provide KCI resilience if the compromise of the long-term secret key of a protocol participant A does not allow the adversary to impersonate an honest participant B to A. In this paper, we argue that KCI resilience for GKE protocols is at least as important as it is for 2PKE protocols. Our first contribution is revised definitions of security for GKE protocols considering KCI attacks by both outsider and insider adversaries. We also give a new proof of security for an existing two-round GKE protocol under the revised security definitions assuming random oracles. We then show how to achieve insider KCIR in a generic way using a known compiler in the literature. As one may expect, this additional security assurance comes at the cost of an extra round of communication. Finally, we show that a few existing protocols are not secure against outsider KCI attacks. The attacks on these protocols illustrate the necessity of considering KCI resilience for GKE protocols.

Development and validation of an expedited 10g protein counter (EP-10) for dietary protein intake quantification

Precise protein quantification is essential in clinical dietetics, particularly in the management of renal, burn and malnourished patients. The EP-10 was developed to expedite the estimation of dietary protein for nutritional assessment and recommendation. The main objective of this study was to compare the validity and efficacy of the EP-10 with the American Dietetic Association’s “Exchange List for Meal Planning” (ADA-7g) in quantifying dietary protein intake, against computerised nutrient analysis (CNA). Protein intake of 197 food records kept by healthy adult subjects in Singapore was determined thrice using three different methods – (1) EP-10, (2) ADA-7g and (3) CNA using SERVE program (Version 4.0). Assessments using the EP-10 and ADA-7g were performed by two assessors in a blind crossover manner while a third assessor performed the CNA. All assessors were blind to each other’s results. Time taken to assess a subsample (n=165) using the EP-10 and ADA-7g was also recorded. Mean difference in protein intake quantification when compared to the CNA was statistically non-significant for the EP-10 (1.4 ± 16.3 g, P = .239) and statistically significant for the ADA-7g (-2.2 ± 15.6 g, P = .046). Both the EP-10 and ADA-7g had clinically acceptable agreement with the CNA as determined via Bland-Altman plots, although it was found that EP-10 had a tendency to overestimate with protein intakes above 150 g. The EP-10 required significantly less time for protein intake quantification than the ADA-7g (mean time of 65 ± 36 seconds vs. 111 ± 40 seconds, P < .001). The EP-10 and ADA-7g are valid clinical tools for protein intake quantification in an Asian context, with EP-10 being more time efficient. However, a dietician’s discretion is needed when the EP-10 is used on protein intakes above 150g.

Anonymity and one-way authentication in key exchange protocols

Key establishment is a crucial cryptographic primitive for building secure communication channels between two parties in a network. It has been studied extensively in theory and widely deployed in practice. In the research literature a typical protocol in the public-key setting aims for key secrecy and mutual authentication. However, there are many important practical scenarios where mutual authentication is undesirable, such as in anonymity networks like Tor, or is difficult to achieve due to insufficient public-key infrastructure at the user level, as is the case on the Internet today. In this work we are concerned with the scenario where two parties establish a private shared session key, but only one party authenticates to the other; in fact, the unauthenticated party may wish to have strong anonymity guarantees. We present a desirable set of security, authentication, and anonymity goals for this setting and develop a model which captures these properties. Our approach allows for clients to choose among different levels of authentication. We also describe an attack on a previous protocol of Øverlier and Syverson, and present a new, efficient key exchange protocol that provides one-way authentication and anonymity.