Factors that influence Information Systems decisions and outcomes: A summary of key themes from four case studies" (2006). ACIS 2006 Proceedings. Paper 43.

This paper reports a summary of key findings from an examination of Information Systems decision making in four organisations. The study focused on what factors influenced decision makers during the critical preimplementation phase of Information Systems projects when systems were evaluated, selected and acquired. Using data gathered from interviews and organisational documentation, a critical hermeneutic analysis was performed in order to build an understanding of how informational and contextual influences acted on decision makers. Eight broad themes of factors were identified as having influence on decision makers and outcomes.

An efficient public key management regime for vehicular ad hoc networks (VANETS)

The primary goal of the Vehicular Ad Hoc Network (VANET) is to provide real-time safety-related messages to motorists to enhance road safety. Accessing and disseminating safety-related information through the use of wireless communications technology in VANETs should be secured, as motorists may make critical decisions in dealing with an emergency situation based on the received information. If security concerns are not addressed in developing VANET systems, an adversary can tamper with, or suppress, the unprotected message to mislead motorists to cause traffic accidents and hazards. Current research on secure messaging in VANETs focuses on employing the certificate-based Public Key Infrastructure (PKI) scheme to support message encryption and digital signing. The security overhead of such a scheme, however, creates a transmission delay and introduces a time-consuming verification process to VANET communications. This thesis has proposed a novel public key verification and management approach for VANETs; namely, the Public Key Registry (PKR) regime. Compared to the VANET PKI scheme, this new approach can satisfy necessary security requirements with improved performance and scalability, and at a lower cost by reducing the security overheads of message transmission and eliminating digital certificate deployment and maintenance issues. The proposed PKR regime consists of the required infrastructure components, rules for public key management and verification, and a set of interactions and associated behaviours to meet these rule requirements. This is achieved through a system design as a logic process model with functional specifications. The PKR regime can be used as development guidelines for conforming implementations. An analysis and evaluation of the proposed PKR regime includes security features assessment, analysis of the security overhead of message transmission, transmission latency, processing latency, and scalability of the proposed PKR regime. Compared to certificate-based PKI approaches, the proposed PKR regime can maintain the necessary security requirements, significantly reduce the security overhead by approximately 70%, and improve the performance by 98%. Meanwhile, the result of the scalability evaluation shows that the latency of employing the proposed PKR regime stays much lower at approximately 15 milliseconds, whether operating in a huge or small environment. It is therefore believed that this research will create a new dimension to the provision of secure messaging services in VANETs.

On forward secrecy in one-round key exchange

Most one-round key exchange protocols provide only weak forward secrecy at best. Furthermore, one-round protocols with strong forward secrecy often break badly when faced with an adversary who can obtain ephemeral keys. We provide a characterisation of how strong forward secrecy can be achieved in one-round key exchange. Moreover, we show that protocols exist which provide strong forward secrecy and remain secure with weak forward secrecy even when the adversary is allowed to obtain ephemeral keys. We provide a compiler to achieve this for any existing secure protocol with weak forward secrecy.

Information sharing with key suppliers : a contingency approach

This paper focuses on information sharing with key suppliers and seeks to explore the factors that might influence its extent and depth. We also investigate how information sharing affects a company’s performance with regards to resource usage, output, and flexibility. Drawing from transaction cost- and contingency theories, several factors, namely environmental uncertainty, demand uncertainty, dependency and, the product life cycle stage are proposed to explain the level of information shared with key suppliers. We develop a model where information sharing mediates the (contingent) factors and company performance. A mail survey was used to collect data from Finnish and Swedish companies. Partial Least Squares analysis was separately performed for each country (n=119, n=102). There was consistent evidence that environmental uncertainty, demand uncertainty and supplier/buyer dependency had explanatory power, whereas no significance was found for the product life cycle stage. The results also confirm previous studies by providing support for a positive relationship between information sharing and performance, where output performance was found to be the most strongly related

Determinants and effects of information sharing with key suppliers

This paper focuses on information sharing with key suppliers and seeks to explore the factors that might influence its extent and depth. We also investigate how information sharing affects a company’s performance with regards to resource usage, output, and flexibility. Drawing from transaction cost- and contingency theories, several factors, namely environmental uncertainty, demand uncertainty, dependency and, the product life cycle stage are proposed to explain the level of information shared with key suppliers. We develop a model where information sharing mediates the (contingent) factors and company performance. A mail survey was used to collect data from Finnish and Swedish companies. Partial Least Squares analysis was separately performed for each country (n=119, n=102). There was consistent evidence that environmental uncertainty, demand uncertainty and supplier/buyer dependency had explanatory power, whereas no significance was found for the relationship between product life cycle stage and information sharing. The results also confirm previous studies by providing support for a positive relationship between information sharing and performance, where output performance was found to be the most strongly related.

Towards a provably secure DoS-Resilient key exchange protocol with perfect forward secrecy

Just Fast Keying (JFK) is a simple, efficient and secure key exchange protocol proposed by Aiello et al. (ACM TISSEC, 2004). JFK is well known for its novel design features, notably its resistance to denial-of-service (DoS) attacks. Using Meadows’ cost-based framework, we identify a new DoS vulnerability in JFK. The JFK protocol is claimed secure in the Canetti-Krawczyk model under the Decisional Diffie-Hellman (DDH) assumption. We show that security of the JFK protocol, when reusing ephemeral Diffie-Hellman keys, appears to require the Gap Diffie-Hellman (GDH) assumption in the random oracle model. We propose a new variant of JFK that avoids the identified DoS vulnerability and provides perfect forward secrecy even under the DDH assumption, achieving the full security promised by the JFK protocol.

Modeling key compromise impersonation attacks on group key exchange protocols

Two-party key exchange (2PKE) protocols have been rigorously analyzed under various models considering different adversarial actions. However, the analysis of group key exchange (GKE) protocols has not been as extensive as that of 2PKE protocols. Particularly, an important security attribute called key compromise impersonation (KCI) resilience has been completely ignored for the case of GKE protocols. Informally, a protocol is said to provide KCI resilience if the compromise of the long-term secret key of a protocol participant A does not allow the adversary to impersonate an honest participant B to A. In this paper, we argue that KCI resilience for GKE protocols is at least as important as it is for 2PKE protocols. Our first contribution is revised definitions of security for GKE protocols considering KCI attacks by both outsider and insider adversaries. We also give a new proof of security for an existing two-round GKE protocol under the revised security definitions assuming random oracles. We then show how to achieve insider KCIR in a generic way using a known compiler in the literature. As one may expect, this additional security assurance comes at the cost of an extra round of communication. Finally, we show that a few existing protocols are not secure against outsider KCI attacks. The attacks on these protocols illustrate the necessity of considering KCI resilience for GKE protocols.

Anonymity and one-way authentication in key exchange protocols

Key establishment is a crucial cryptographic primitive for building secure communication channels between two parties in a network. It has been studied extensively in theory and widely deployed in practice. In the research literature a typical protocol in the public-key setting aims for key secrecy and mutual authentication. However, there are many important practical scenarios where mutual authentication is undesirable, such as in anonymity networks like Tor, or is difficult to achieve due to insufficient public-key infrastructure at the user level, as is the case on the Internet today. In this work we are concerned with the scenario where two parties establish a private shared session key, but only one party authenticates to the other; in fact, the unauthenticated party may wish to have strong anonymity guarantees. We present a desirable set of security, authentication, and anonymity goals for this setting and develop a model which captures these properties. Our approach allows for clients to choose among different levels of authentication. We also describe an attack on a previous protocol of Øverlier and Syverson, and present a new, efficient key exchange protocol that provides one-way authentication and anonymity.

Why perform pro-social behaviours? Understanding the key sources of perceived value in preventative health services

In maintaining quality of life, preventative health is an important area in which the performance of pro-social behaviours provides benefits to individuals who perform them as well as society. The establishment of the Preventative Health Taskforce in Australia demonstrates the significance of preventative health and aims to provide governments and health providers with evidence-based advice on preventative health issues (Preventative Health Taskforce, 2009). As preventative health behaviours are voluntary, for consumers to sustain this behaviour there needs to be a value proposition (Dann, 2008; Kotler and Lee, 2008). Customer value has been shown to influence repeat behaviour (McDougall and Levesque, 2000), word-of-mouth (Hartline and Jones, 1999), and attitudes (Dick and Basu, 2008). However to date there is little research that investigates the source of value for preventative health services. This qualitative study explores and identifies three categories of sources that influence four dimensions of value – functional, emotional, social and altruistic (Holbrook 2006). A conceptual model containing five propositions outlining these relationships is presented. This study provides evidence-based research that reveals sources of value that influence individuals’ decisions to perform pro-social behaviours in the long-term through their use of preventative health services. This research uses BreastScreen Queensland (BSQ), a cancer screening service, as the service context.

Key competences of design-build clients in China

Purpose-- DB clients play a vital role in the delivery of DB system and the clients’ competences are critical to the success of DB projects. Most of DB clients, however, remain inexperienced with the DB system. This study, therefore, aims to identify the key competences that DB clients should possess to ensure the success of DB projects in the construction market of China. Design/Methodology/Approach -- Five semi-structured face-to-face interviews and two rounds Delphi questionnaire survey were conducted in the construction market of China to identify the key competences of DB clients. Rankings have been assigned to these key competences on the basis of their relative importance. Findings-- Six ranked key competences of DB clients have been identified, which are, namely, (1) the ability to clearly define project scope and objectives; (2) financial capacity for the projects; (3) capacity in contract management; (4) adequate staff or consulting team; (5) effective coordination with DB contractors and (6) experience with similar design-build projects. Calculation of Kendall’s Coefficient of Concordance (W) indicates a statistically significant consensus of panel experts on these top six key competences. Practical implications—Clients should clearly understand the competence requirements in DB projects and should assess their DB capability before going for the DB option. Originality/Value-- The examination of DB client’s key competences will help the client deepen the understanding of the DB system. DB clients can also make use of the research findings as guidelines to improve their DB competence.

Identification of key competences of design-builders in the construction market of the People’s Republic of China (PRC)

Design-builders play a vital role in the success of DB projects. In the construction market of the People’s Republic of China, most of the design-builders, however, lack adequate competences to conduct the DB projects successfully. The objective of this study is, therefore, to identify the key competences that design-builders should possess to not only ensure the success of DB projects but also acquire the competitive advantages in the DB market. Five semi-structured face-to-face interviews and two rounds of Delphi questionnaire survey were conducted to identify the key competences of design-builders. Rankings have been assigned to these key competences on the basis of their relative importance. Six ranked key competences of design-builders have been identified, which are, namely, (1) experience with similar DB projects; (2) capability of corporate management; (3) combination of building techniques and design expertise; (4) financial capability for DB projects; (5) enterprise qualification and scale; and (6) credit records and reputation in the industry. The design-builders can make use of the research findings as guidelines to improve their DB competence. These research findings will also be useful to clients during the selection of design-builders.

Identification of key competences of DB clients in the construction market of China

The design-build system has been demonstrated as an effective delivery method and gained popularity worldwide. Although there are an increasing number of clients adopting DB method in China, most of them remain inexperienced with method. The objective of this study is therefore to identify the key competences that a client or its consultant should possess to ensure the success of DB projects. Face-to-face interviews and a two-round Delphi questionnaire survey were conducted to find the following six key competences of clients, which include the (1) ability to clearly articulate project scope and objectives; (2) financial capacity for DB projects; (3) capability in contract management; (4) adequate staff or consulting team; (5) effective coordination with contractors and (6) experience with similar DB projects. This study will hopefully provide clients with measures to evaluate their DB competence and further promote their understanding of DB system in the PRC.