789 resultados para electronic commerce security
Resumo:
Halevi and Krawczyk proposed a message randomization algorithm called RMX as a front-end tool to the hash-then-sign digital signature schemes such as DSS and RSA in order to free their reliance on the collision resistance property of the hash functions. They have shown that to forge a RMX-hash-then-sign signature scheme, one has to solve a cryptanalytical task which is related to finding second preimages for the hash function. In this article, we will show how to use Dean’s method of finding expandable messages for finding a second preimage in the Merkle-Damgård hash function to existentially forge a signature scheme based on a t-bit RMX-hash function which uses the Davies-Meyer compression functions (e.g., MD4, MD5, SHA family) in 2 t/2 chosen messages plus 2 t/2 + 1 off-line operations of the compression function and similar amount of memory. This forgery attack also works on the signature schemes that use Davies-Meyer schemes and a variant of RMX published by NIST in its Draft Special Publication (SP) 800-106. We discuss some important applications of our attack.
Resumo:
Protection of passwords used to authenticate computer systems and networks is one of the most important application of cryptographic hash functions. Due to the application of precomputed memory look up attacks such as birthday and dictionary attacks on the hash values of passwords to find passwords, it is usually recommended to apply hash function to the combination of both the salt and password, denoted salt||password, to prevent these attacks. In this paper, we present the first security analysis of salt||password hashing application. We show that when hash functions based on the compression functions with easily found fixed points are used to compute the salt||password hashes, these hashes are susceptible to precomputed offline birthday attacks. For example, this attack is applicable to the salt||password hashes computed using the standard hash functions such as MD5, SHA-1, SHA-256 and SHA-512 that are based on the popular Davies-Meyer compression function. This attack exposes a subtle property of this application that although the provision of salt prevents an attacker from finding passwords, salts prefixed to the passwords do not prevent an attacker from doing a precomputed birthday attack to forge an unknown password. In this forgery attack, we demonstrate the possibility of building multiple passwords for an unknown password for the same hash value and salt. Interestingly, password||salt (i.e. salts suffixed to the passwords) hashes computed using Davies-Meyer hash functions are not susceptible to this attack, showing the first security gap between the prefix-salt and suffix-salt methods of hashing passwords.
Resumo:
Background Historically, the paper hand-held record (PHR) has been used for sharing information between hospital clinicians, general practitioners and pregnant women in a maternity shared-care environment. Recently in alignment with a National e-health agenda, an electronic health record (EHR) was introduced at an Australian tertiary maternity service to replace the PHR for collection and transfer of data. The aim of this study was to examine and compare the completeness of clinical data collected in a PHR and an EHR. Methods We undertook a comparative cohort design study to determine differences in completeness between data collected from maternity records in two phases. Phase 1 data were collected from the PHR and Phase 2 data from the EHR. Records were compared for completeness of best practice variables collected The primary outcome was the presence of best practice variables and the secondary outcomes were the differences in individual variables between the records. Results Ninety-four percent of paper medical charts were available in Phase 1 and 100% of records from an obstetric database in Phase 2. No PHR or EHR had a complete dataset of best practice variables. The variables with significant improvement in completeness of data documented in the EHR, compared with the PHR, were urine culture, glucose tolerance test, nuchal screening, morphology scans, folic acid advice, tobacco smoking, illicit drug assessment and domestic violence assessment (p = 0.001). Additionally the documentation of immunisations (pertussis, hepatitis B, varicella, fluvax) were markedly improved in the EHR (p = 0.001). The variables of blood pressure, proteinuria, blood group, antibody, rubella and syphilis status, showed no significant differences in completeness of recording. Conclusion This is the first paper to report on the comparison of clinical data collected on a PHR and EHR in a maternity shared-care setting. The use of an EHR demonstrated significant improvements to the collection of best practice variables. Additionally, the data in an EHR were more available to relevant clinical staff with the appropriate log-in and more easily retrieved than from the PHR. This study contributes to an under-researched area of determining data quality collected in patient records.
Resumo:
Layered materials exhibit intriguing electronic characteristics and the search for new types of two-dimensional (2D) structures is of importance for future device fabrication. Using state-of-art first principle calculations, we identify and characterize the structural and electronic properties of two 2D layered arsenic materials, namely, arsenic and its alloy AsSb. The stable 2D structural configuration of arsenic is confirmed to be the low-buckled two-dimensional hexagonal structure by phonon and binding energy calculations. The monolayer exhibits indirect semiconducting properties with gap around 1.5 eV (corrected to 2.2 eV by hybrid function), which can be modulated into a direct semiconductor within a small amount of tensile strain. These semiconducting properties are preserved when cutting into 1D nanoribbons, but the band gap is edge dependent. It is interesting to find that an indirect to direct gap transition can be achieved under strain modulation of the armchair ribbon. Essentially the same phenomena can be found in layered AsSb, except a weak Rashba induced band splitting is present in AsSb due to the nonsymmetric structure and spin orbit coupling. When an additional layer is added on the top, a semiconductor–metal transition will occur. The findings here broaden the family of 2D materials beyond graphene and transition metal dichalcogenides and provide useful information for experimental fabrication of new layered materials with possible application in optoelectronics.
Resumo:
We present an approach for detecting sensor spoofing attacks on a cyber-physical system. Our approach consists of two steps. In the first step, we construct a safety envelope of the system. Under nominal conditions (that is, when there are no attacks), the system always stays inside its safety envelope. In the second step, we build an attack detector: a monitor that executes synchronously with the system and raises an alarm whenever the system state falls outside the safety envelope. We synthesize safety envelopes using a modified machine learning procedure applied on data collected from the system when it is not under attack. We present experimental results that show effectiveness of our approach, and also validate the several novel features that we introduced in our learning procedure.
Resumo:
Our contemporary concerns about food range from food security to agricultural sustainability to getting dinner on the table for family and friends. This book investigates food issues as they intersect with participatory Internet culture--blogs, wikis, online photo- and video-sharing platforms, and social networks in efforts to bring about a healthy, socially inclusive, and sustainable food future. Focusing on our urban environments provisioned with digital and network capacities, and drawing on such "bottom-up" sociotechnical trends as DIY and open source, the chapters describe engagements with food and technology that engender (re-)creative interactions.
Resumo:
Decision-making is such an integral aspect in health care routine that the ability to make the right decisions at crucial moments can lead to patient health improvements. Evidence-based practice, the paradigm used to make those informed decisions, relies on the use of current best evidence from systematic research such as randomized controlled trials. Limitations of the outcomes from randomized controlled trials (RCT), such as “quantity” and “quality” of evidence generated, has lowered healthcare professionals’ confidence in using EBP. An alternate paradigm of Practice-Based Evidence has evolved with the key being evidence drawn from practice settings. Through the use of health information technology, electronic health records (EHR) capture relevant clinical practice “evidence”. A data-driven approach is proposed to capitalize on the benefits of EHR. The issues of data privacy, security and integrity are diminished by an information accountability concept. Data warehouse architecture completes the data-driven approach by integrating health data from multi-source systems, unique within the healthcare environment.
Resumo:
Background The use of Electronic Medical Record (EMR) systems is increasing internationally, though developing countries, such as Saudi Arabia, have tended to lag behind in the adoption and implementation of EMR systems due to several barriers. The literature shows that the main barriers to EMR in Saudi Arabia are lack of knowledge or experience using EMR systems and staff resistance to using the implemented EMR system. Methods A quantitative methodology was used to examine health personnel knowledge and acceptance of and preference for EMR systems in seven Saudi public hospitals in Jeddah, Makkah and Taif cities. Results Both English literacy and education levels were significantly correlated with computer literacy and EMR literacy. Participants whose first language was not Arabic were more likely to prefer using an EMR system compared to those whose first language was Arabic. Conclusion This study suggests that as computer literacy levels increase, so too do staff preferences for using EMR systems. Thus, it would be beneficial for hospitals to assess English language proficiency and computer literacy levels of staff prior to implementing an EMR system. It is recommended that hospitals need to offer training and targeted educational programs to the potential users of the EMR system. This would help to increase English language proficiency and computer literacy levels of staff as well as staff acceptance of the system.
Resumo:
The workshop is an activity of the IMIA Working Group ‘Security in Health Information Systems’ (SiHIS). It is focused to the growing global problem: how to protect personal health data in today’s global eHealth and digital health environment. It will review available trust building mechanisms, security measures and privacy policies. Technology alone does not solve this complex problem and current protection policies and legislation are considered woefully inadequate. Among other trust building tools, certification and accreditation mechanisms are dis-cussed in detail and the workshop will determine their acceptance and quality. The need for further research and international collective action are discussed. This workshop provides an opportunity to address a critical growing problem and make pragmatic proposals for sustainable and effective solutions for global eHealth and digital health.
Resumo:
This paper describes the use of exploratory focus groups to inform the development of a survey instrument in a sequential phase mixed methods study investigating differences in secondary students’ career choice capability. Five focus groups were conducted with 23 year 10 students in the state of New South Wales (NSW), Australia. Analysis of the focus group data informed the design of the instrument for the second phase of the research project: a large-scale cross-sectional survey. In this paper, we discuss the benefits of using sequential phase mixed method approaches when inquiring into complex phenomena such as human capability.
Resumo:
The main aim of the present study was to estimate size segregated doses from e-cigarette aerosols as a function of the airway generation number in lung lobes.. After a 2-second puff, 7.7×1010 particles (DTot) with a surface area of 3.6×103 mm2 (STot), and 3.3×1010 particles with a surface area of 4.2×103 mm2 were deposited in the respiratory system for the electronic and conventional cigarettes, respectively. Alveolar and tracheobronchial deposited doses were compared to the ones received by non-smoking individuals in Western countries, showing a similar order of magnitude. Total regional doses (DR), in head and lobar tracheobronchial and alveolar regions, ranged from 2.7×109 to 1.3×1010 particles and 1.1×109 to 5.3×1010 particles, for the electronic and conventional cigarettes, respectively. DR in the right-upper lung lobe was about twice that found in left-upper lobe and 20% greater in right-lower lobe than the left-lower lobe.
Resumo:
Anthony Dunne’s Hertzian Tales is an exploration of the aesthetic and conceptual aspects of industrial design and its potential to bring about social change for the users of electronic objects. It is a provoking and – to first-time readers – positively alarming social commentary on the interrelationship between electronic product design and culture, and the powerful but largely under-explored potential of electronic innovation to trigger social awareness. Hertzian Tales proposes an innovative approach to critical design and therefore serves as a reflection on and a critique of the commercial design practices at large. In this second edition, Dunne reiterates the original rationale for his project: a concern that the majority of industrial designers have unwittingly joined a treadmill culture of post-industrial mass-production – turning out electronic goods that have long simply met the brief of an optimally functioning and eagerly consumable technology.
Resumo:
Preface The 9th Australasian Conference on Information Security and Privacy (ACISP 2004) was held in Sydney, 13–15 July, 2004. The conference was sponsored by the Centre for Advanced Computing – Algorithms and Cryptography (ACAC), Information and Networked Security Systems Research (INSS), Macquarie University and the Australian Computer Society. The aims of the conference are to bring together researchers and practitioners working in areas of information security and privacy from universities, industry and government sectors. The conference program covered a range of aspects including cryptography, cryptanalysis, systems and network security. The program committee accepted 41 papers from 195 submissions. The reviewing process took six weeks and each paper was carefully evaluated by at least three members of the program committee. We appreciate the hard work of the members of the program committee and external referees who gave many hours of their valuable time. Of the accepted papers, there were nine from Korea, six from Australia, five each from Japan and the USA, three each from China and Singapore, two each from Canada and Switzerland, and one each from Belgium, France, Germany, Taiwan, The Netherlands and the UK. All the authors, whether or not their papers were accepted, made valued contributions to the conference. In addition to the contributed papers, Dr Arjen Lenstra gave an invited talk, entitled Likely and Unlikely Progress in Factoring. This year the program committee introduced the Best Student Paper Award. The winner of the prize for the Best Student Paper was Yan-Cheng Chang from Harvard University for his paper Single Database Private Information Retrieval with Logarithmic Communication. We would like to thank all the people involved in organizing this conference. In particular we would like to thank members of the organizing committee for their time and efforts, Andrina Brennan, Vijayakrishnan Pasupathinathan, Hartono Kurnio, Cecily Lenton, and members from ACAC and INSS.
Resumo:
This study questions how the categories of security, education and literacy were brought together as related elements of a whole-of-government strategy in the production of civil society. Drawing on an analysis of key political texts, the study argues that the categories of education and literacy have been used in diverse ways in the production of national, social, economic and geopolitical security interests. As dialogue about security has intensified, rationalisations about the national interest have engaged notions of security leading to the legitimation of a diverse set of policy instruments, strategically used to contain the rise of complex social forces and protect homogenous cultural values.
A LIN inspired optical bus for signal isolation in multilevel or modular power electronic converters
Resumo:
Proposed in this paper is a low-cost, half-duplex optical communication bus for control signal isolation in modular or multilevel power electronic converters. The concept is inspired by the Local Interconnect Network (LIN) serial network protocol as used in the automotive industry. The proposed communications bus utilises readily available optical transceivers and is suitable for use with low-cost microcontrollers for distributed control of multilevel converters. As a signal isolation concept, the proposed optical bus enables very high cell count modular multilevel cascaded converters (MMCCs) for high-bandwidth, high-voltage and high-power applications. Prototype hardware is developed and the optical bus concept is validated experimentally in a 33-level MMCC converter operating at 120 Vrms and 60 Hz.