Towards a provably secure DoS-Resilient key exchange protocol with perfect forward secrecy

Just Fast Keying (JFK) is a simple, efficient and secure key exchange protocol proposed by Aiello et al. (ACM TISSEC, 2004). JFK is well known for its novel design features, notably its resistance to denial-of-service (DoS) attacks. Using Meadows’ cost-based framework, we identify a new DoS vulnerability in JFK. The JFK protocol is claimed secure in the Canetti-Krawczyk model under the Decisional Diffie-Hellman (DDH) assumption. We show that security of the JFK protocol, when reusing ephemeral Diffie-Hellman keys, appears to require the Gap Diffie-Hellman (GDH) assumption in the random oracle model. We propose a new variant of JFK that avoids the identified DoS vulnerability and provides perfect forward secrecy even under the DDH assumption, achieving the full security promised by the JFK protocol.

Modeling key compromise impersonation attacks on group key exchange protocols

Two-party key exchange (2PKE) protocols have been rigorously analyzed under various models considering different adversarial actions. However, the analysis of group key exchange (GKE) protocols has not been as extensive as that of 2PKE protocols. Particularly, an important security attribute called key compromise impersonation (KCI) resilience has been completely ignored for the case of GKE protocols. Informally, a protocol is said to provide KCI resilience if the compromise of the long-term secret key of a protocol participant A does not allow the adversary to impersonate an honest participant B to A. In this paper, we argue that KCI resilience for GKE protocols is at least as important as it is for 2PKE protocols. Our first contribution is revised definitions of security for GKE protocols considering KCI attacks by both outsider and insider adversaries. We also give a new proof of security for an existing two-round GKE protocol under the revised security definitions assuming random oracles. We then show how to achieve insider KCIR in a generic way using a known compiler in the literature. As one may expect, this additional security assurance comes at the cost of an extra round of communication. Finally, we show that a few existing protocols are not secure against outsider KCI attacks. The attacks on these protocols illustrate the necessity of considering KCI resilience for GKE protocols.

Anonymity and one-way authentication in key exchange protocols

Key establishment is a crucial cryptographic primitive for building secure communication channels between two parties in a network. It has been studied extensively in theory and widely deployed in practice. In the research literature a typical protocol in the public-key setting aims for key secrecy and mutual authentication. However, there are many important practical scenarios where mutual authentication is undesirable, such as in anonymity networks like Tor, or is difficult to achieve due to insufficient public-key infrastructure at the user level, as is the case on the Internet today. In this work we are concerned with the scenario where two parties establish a private shared session key, but only one party authenticates to the other; in fact, the unauthenticated party may wish to have strong anonymity guarantees. We present a desirable set of security, authentication, and anonymity goals for this setting and develop a model which captures these properties. Our approach allows for clients to choose among different levels of authentication. We also describe an attack on a previous protocol of Øverlier and Syverson, and present a new, efficient key exchange protocol that provides one-way authentication and anonymity.

Why perform pro-social behaviours? Understanding the key sources of perceived value in preventative health services

In maintaining quality of life, preventative health is an important area in which the performance of pro-social behaviours provides benefits to individuals who perform them as well as society. The establishment of the Preventative Health Taskforce in Australia demonstrates the significance of preventative health and aims to provide governments and health providers with evidence-based advice on preventative health issues (Preventative Health Taskforce, 2009). As preventative health behaviours are voluntary, for consumers to sustain this behaviour there needs to be a value proposition (Dann, 2008; Kotler and Lee, 2008). Customer value has been shown to influence repeat behaviour (McDougall and Levesque, 2000), word-of-mouth (Hartline and Jones, 1999), and attitudes (Dick and Basu, 2008). However to date there is little research that investigates the source of value for preventative health services. This qualitative study explores and identifies three categories of sources that influence four dimensions of value – functional, emotional, social and altruistic (Holbrook 2006). A conceptual model containing five propositions outlining these relationships is presented. This study provides evidence-based research that reveals sources of value that influence individuals’ decisions to perform pro-social behaviours in the long-term through their use of preventative health services. This research uses BreastScreen Queensland (BSQ), a cancer screening service, as the service context.

Key competences of design-build clients in China

Purpose-- DB clients play a vital role in the delivery of DB system and the clients’ competences are critical to the success of DB projects. Most of DB clients, however, remain inexperienced with the DB system. This study, therefore, aims to identify the key competences that DB clients should possess to ensure the success of DB projects in the construction market of China. Design/Methodology/Approach -- Five semi-structured face-to-face interviews and two rounds Delphi questionnaire survey were conducted in the construction market of China to identify the key competences of DB clients. Rankings have been assigned to these key competences on the basis of their relative importance. Findings-- Six ranked key competences of DB clients have been identified, which are, namely, (1) the ability to clearly define project scope and objectives; (2) financial capacity for the projects; (3) capacity in contract management; (4) adequate staff or consulting team; (5) effective coordination with DB contractors and (6) experience with similar design-build projects. Calculation of Kendall’s Coefficient of Concordance (W) indicates a statistically significant consensus of panel experts on these top six key competences. Practical implications—Clients should clearly understand the competence requirements in DB projects and should assess their DB capability before going for the DB option. Originality/Value-- The examination of DB client’s key competences will help the client deepen the understanding of the DB system. DB clients can also make use of the research findings as guidelines to improve their DB competence.

Identification of key competences of design-builders in the construction market of the People’s Republic of China (PRC)

Design-builders play a vital role in the success of DB projects. In the construction market of the People’s Republic of China, most of the design-builders, however, lack adequate competences to conduct the DB projects successfully. The objective of this study is, therefore, to identify the key competences that design-builders should possess to not only ensure the success of DB projects but also acquire the competitive advantages in the DB market. Five semi-structured face-to-face interviews and two rounds of Delphi questionnaire survey were conducted to identify the key competences of design-builders. Rankings have been assigned to these key competences on the basis of their relative importance. Six ranked key competences of design-builders have been identified, which are, namely, (1) experience with similar DB projects; (2) capability of corporate management; (3) combination of building techniques and design expertise; (4) financial capability for DB projects; (5) enterprise qualification and scale; and (6) credit records and reputation in the industry. The design-builders can make use of the research findings as guidelines to improve their DB competence. These research findings will also be useful to clients during the selection of design-builders.

Identification of key competences of DB clients in the construction market of China

The design-build system has been demonstrated as an effective delivery method and gained popularity worldwide. Although there are an increasing number of clients adopting DB method in China, most of them remain inexperienced with method. The objective of this study is therefore to identify the key competences that a client or its consultant should possess to ensure the success of DB projects. Face-to-face interviews and a two-round Delphi questionnaire survey were conducted to find the following six key competences of clients, which include the (1) ability to clearly articulate project scope and objectives; (2) financial capacity for DB projects; (3) capability in contract management; (4) adequate staff or consulting team; (5) effective coordination with contractors and (6) experience with similar DB projects. This study will hopefully provide clients with measures to evaluate their DB competence and further promote their understanding of DB system in the PRC.

Performance and scalability assessment for non-certificate-based public key management in VANETS

Current research in secure messaging for Vehicular Ad hoc Networks (VANETs) appears to focus on employing a digital certificate-based Public Key Cryptosystem (PKC) to support security. The security overhead of such a scheme, however, creates a transmission delay and introduces a time-consuming verification process to VANET communications. This paper proposes a non-certificate-based public key management for VANETs. A comprehensive evaluation of performance and scalability of the proposed public key management regime is presented, which is compared to a certificate-based PKC by employing a number of quantified analyses and simulations. Not only does this paper demonstrate that the proposal can maintain security, but it also asserts that it can improve overall performance and scalability at a lower cost, compared to the certificate-based PKC. It is believed that the proposed scheme will add a new dimension to the key management and verification services for VANETs.

Communication, Cultural and Media Studies : The Key Concepts (4th Edition)

This fourth edition of Communication, Cultural and Media Studies: The Key Concepts is an indispensible guide to the most important terms in the field. It offers clear explanations of the key concepts, exploring their origins, what they’re used for and why they provoke discussion. The author provides a multi-disciplinary explanation and assessment of the key concepts, from ‘authorship’ to ‘censorship’; ‘creative industries’ to ‘network theory’; ‘complexity’ to ‘visual culture’. The new edition of this classic text includes: * Over 200 entries including 50 new entries * All entries revised, rewritten and updated * Coverage of recent developments in the field * Insight into interactive media and the knowledge-based economy * A fully updated bibliography with 400 items and suggestions for further reading throughout the text

Profiling and characterisation of key weather variables and their implication on building design

Local climate is a critical element in the design of buildings. In this paper, ten years of historical weather data in Australia's all eight capital cities are analyzed to characterize the variation profiles of climatic variables. The method of descriptive statistics is employed. Either the pattern of cumulative distribution and/or the profile of percentage distribution are used to graphically illustrate the similarity and difference between different study locations. It is found that although the weather variables vary with different locations, except for the extreme parts, there is often a good, nearly linear relation between weather variable and its cumulative percentage for the majority of middle part. The implication of these extreme parts and the slopes of the middle parts on building design is also discussed.

Efficient and secure self-escrowed public-key infrastructures

A self-escrowed public key infrastructure (SE-PKI) combines the usual functionality of a public-key infrastructure with the ability to recover private keys given some trap-door information. We present an additively homomorphic variant of an existing SE-PKI for ElGamal encryption. We also propose a new efficient SE-PKI based on the ElGamal and Okamoto-Uchiyama cryptosystems that is more efficient than the previous SE-PKI. This is the first SE-PKI that does not suffer from a key doubling problem of previous SE-PKI proposals. Additionally, we present the first self-escrowed encryption schemes secure against chosen-ciphertext attack in the standard model. These schemes are also quite efficient and are based on the Cramer-Shoup cryptosystem, and the Kurosawa-Desmedt hybrid variant in different groups.

A symposium of reviews of public criminology? : by Ian Loader and Richard Sparks (Oxford : Key Ideas in Criminology, Routledge, 2010, 196pp.) with contributions from Nils Christie, Elliott Currie, Helena Kennedy, Gloria Laycock, Rod Morgan, Joe Sim, Jacqueline Tombs and Reece Walters

Public or Civic Criminology : A Critique of Loader and Sparks

Comparison of key competences of DB clients and contractors in the construction market of the People’s Republic of China

Clients and Design-build (DB) contractors are two key stakeholders in DB projects, and contribute significantly to the successful project performance. This study aims to identify and compare such key competences in the construction market of the PRC. After the survey of available literature and face-to-face interviews, a two-round Delphi questionnaire survey was conducted to identify the key competences of clients and DB contractors in DB projects. Relative importance of these identified competences were ranked and compared. The questionnaire results indicated distinct differences between the key competences of clients and that of contractors. The contractor’s key competences emphasize on DB experience, corporate management capability, building and design expertise, financial capability, enterprise qualification and reputation. While the client’s competences focus on the ability to clearly define the project scope & requirements, financial capacity, contract management ability, adequate staff, effective coordination with DB contractor and similar DB experience. Both clients and DB contractors should clearly understand the competence requirements in DB projects and possess all the necessary competences for the successful outcome of DB projects. The identification of these key competences provides clients and DB contractors with indicators to assess their capabilities before going for the DB option. Furthermore, the comparison of competences for clients and DB contractors will result in better understanding of DB system and improve the communication between these stakeholders.

Effort-release public-key encryption from cryptographic puzzles

Timed-release cryptography addresses the problem of “sending messages into the future”: information is encrypted so that it can only be decrypted after a certain amount of time, either (a) with the help of a trusted third party time server, or (b) after a party performs the required number of sequential operations. We generalise the latter case to what we call effort-release public key encryption (ER-PKE), where only the party holding the private key corresponding to the public key can decrypt, and only after performing a certain amount of computation which may or may not be parallelisable. Effort-release PKE generalises both the sequential-operation-based timed-release encryption of Rivest, Shamir, and Wagner, and also the encapsulated key escrow techniques of Bellare and Goldwasser. We give a generic construction for ER-PKE based on the use of moderately hard computational problems called puzzles. Our approach extends the KEM/DEM framework for public key encryption by introducing a difficulty notion for KEMs which results in effort-release PKE. When the puzzle used in our generic construction is non-parallelisable, we recover timed-release cryptography, with the addition that only the designated receiver (in the public key setting) can decrypt.