736 resultados para outsourcing decryption
Resumo:
Vehicular ad hoc network (VANET) is an increasing important paradigm, which not only provides safety enhancement but also improves roadway system efficiency. However, the security issues of data confidentiality, and access control over transmitted messages in VANET have remained to be solved. In this paper, we propose a secure and efficient message dissemination scheme (SEMD) with policy enforcement in VANET, and construct an outsourcing decryption of ciphertext-policy attribute-based encryption (CP-ABE) to provide differentiated access control services, which makes the vehicles delegate most of the decryption computation to nearest roadside unit (RSU). Performance evaluation demonstrates its efficiency in terms of computational complexity, space complexity, and decryption time. Security proof shows that it is secure against replayable choosen-ciphertext attacks (RCCA) in the standard model.
Resumo:
Attribute-Based Encryption (ABE) is a promising cryptographic primitive which significantly enhances the versatility of access control mechanisms. Due to the high expressiveness of ABE policies, the computational complexities of ABE key-issuing and decryption are getting prohibitively high. Despite that the existing Outsourced ABE solutions are able to offload some intensive computing tasks to a third party, the verifiability of results returned from the third party has yet to be addressed. Aiming at tackling the challenge above, we propose a new Secure Outsourced ABE system, which supports both secure outsourced key-issuing and decryption. Our new method offloads all access policy and attribute related operations in the key-issuing process or decryption to a Key Generation Service Provider (KGSP) and a Decryption Service Provider (DSP), respectively, leaving only a constant number of simple operations for the attribute authority and eligible users to perform locally. In addition, for the first time, we propose an outsourced ABE construction which provides checkability of the outsourced computation results in an efficient way. Extensive security and performance analysis show that the proposed schemes are proven secure and practical. © 2013 IEEE.
Resumo:
En esta tesis se aborda el problema de la externalización segura de servicios de datos y computación. El escenario de interés es aquel en el que el usuario posee datos y quiere subcontratar un servidor en la nube (“Cloud”). Además, el usuario puede querer también delegar el cálculo de un subconjunto de sus datos al servidor. Se presentan dos aspectos de seguridad relacionados con este escenario, en concreto, la integridad y la privacidad y se analizan las posibles soluciones a dichas cuestiones, aprovechando herramientas criptográficas avanzadas, como el Autentificador de Mensajes Homomórfico (“Homomorphic Message Authenticators”) y el Cifrado Totalmente Homomórfico (“Fully Homomorphic Encryption”). La contribución de este trabajo es tanto teórica como práctica. Desde el punto de vista de la contribución teórica, se define un nuevo esquema de externalización (en lo siguiente, denominado con su término inglés Outsourcing), usando como punto de partida los artículos de [3] y [12], con el objetivo de realizar un modelo muy genérico y flexible que podría emplearse para representar varios esquemas de ”outsourcing” seguro. Dicho modelo puede utilizarse para representar esquemas de “outsourcing” seguro proporcionando únicamente integridad, únicamente privacidad o, curiosamente, integridad con privacidad. Utilizando este nuevo modelo también se redefine un esquema altamente eficiente, construido en [12] y que se ha denominado Outsourcinglin. Este esquema permite calcular polinomios multivariados de grado 1 sobre el anillo Z2k . Desde el punto de vista de la contribución práctica, se ha construido una infraestructura marco (“Framework”) para aplicar el esquema de “outsourcing”. Seguidamente, se ha testado dicho “Framework” con varias implementaciones, en concreto la implementación del criptosistema Joye-Libert ([18]) y la implementación del esquema propio Outsourcinglin. En el contexto de este trabajo práctico, la tesis también ha dado lugar a algunas contribuciones innovadoras: el diseño y la implementación de un nuevo algoritmo de descifrado para el esquema de cifrado Joye-Libert, en colaboración con Darío Fiore. Presenta un mejor comportamiento frente a los algoritmos propuestos por los autores de [18];la implementación de la función eficiente pseudo-aleatoria de forma amortizada cerrada (“amortized-closed-form efficient pseudorandom function”) de [12]. Esta función no se había implementado con anterioridad y no supone un problema trivial, por lo que este trabajo puede llegar a ser útil en otros contextos. Finalmente se han usado las implementaciones durante varias pruebas para medir tiempos de ejecución de los principales algoritmos.---ABSTRACT---In this thesis we tackle the problem of secure outsourcing of data and computation. The scenario we are interested in is that in which a user owns some data and wants to “outsource” it to a Cloud server. Furthermore, the user may want also to delegate the computation over a subset of its data to the server. We present the security issues related to this scenario, namely integrity and privacy and we analyse some possible solutions to these two issues, exploiting advanced cryptographic tools, such as Homomorphic Message Authenticators and Fully Homomorphic Encryption. Our contribution is both theoretical and practical. Considering our theoretical contribution, using as starting points the articles of [3] and [12], we introduce a new cryptographic primitive, called Outsourcing with the aim of realizing a very generic and flexible model that might be employed to represent several secure outsourcing schemes. Such model can be used to represent secure outsourcing schemes that provide only integrity, only privacy or, interestingly, integrity with privacy. Using our new model we also re-define an highly efficient scheme constructed in [12], that we called Outsourcinglin and that is a scheme for computing multi-variate polynomials of degree 1 over the ring Z2k. Considering our practical contribution, we build a Framework to implement the Outsourcing scheme. Then, we test such Framework to realize several implementations, specifically the implementation of the Joye-Libert cryptosystem ([18]) and the implementation of our Outsourcinglin scheme. In the context of this practical work, the thesis also led to some novel contributions: the design and the implementation, in collaboration with Dario Fiore, of a new decryption algorithm for the Joye-Libert encryption scheme, that performs better than the algorithms proposed by the authors in [18]; the implementation of the amortized-closed-form efficient pseudorandom function of [12]. There was no prior implementation of this function and it represented a non trivial work, which can become useful in other contexts. Finally we test the implementations to execute several experiments for measuring the timing performances of the main algorithms.
Resumo:
What an organisation does versus what it out-sources to the market is a classic boundaries of the firm question that has previously been dominated by efficiency arguments. However, a knowledge-based view suggests these boundaries are integral to the ability of a firm to deploy existing knowledge stocks efficiently, as well as develop new knowledge through learning that will drive future competitiveness. Furthermore, the nature of these boundaries, in respect of their permeability is critical in understanding the likelihood of knowledge flowing into and out of the organisation. Using these concepts, we present a case study of Main Roads Western Australia to illustrate how these principles have allowed it to start rebuilding its internal capabilities through repositioning its operational boundaries and via ensuring their boundaries are highly porous as they move more major projects into alliance contracts.
Resumo:
Purpose – To determine whether or not clockspeed is an important variable in outsourcing strategies throughout the development of radical innovations. Design/methodology/approach – An internet-based survey of manufacturing firms from all over the world. Findings – An industry's clockspeed does not play a significant role in the success or failure of a particular outsourcing strategy for a radical innovation. Research limitations/implications – Conclusions from earlier research in this area are not necessarily industry-specific. Practical implications – Lessons learned via previous investigations about the computer industry need not be confined to that sector. Vertical integration may be a more robust outsourcing strategy when developing a radical innovation in industries of all clockspeeds. Originality/value – Previous research efforts in this field focused on a single technology jump, but this approach may have overlooked a potentially important variable: industry clockspeed. Thus, this investigation explores whether clockspeed is an important factor.
Resumo:
Significant empirical data from the fields of management and business strategy suggest that it is a good idea for a company to make in-house the components and processes underpinning a new technology. Other evidence suggests exactly the opposite, saying that firms would be better off buying components and processes from outside suppliers. One possible explanation for this lack of convergence is that earlier research in this area has overlooked two important aspects of the problem: reputation and trust. To gain insight into how these variables may impact make-buy decisions throughout the innovation process, the Sporas algorithm for measuring reputation was added to an existing agent-based model of how firms interact with each other throughout the development of new technologies. The model�s results suggest that reputation and trust do not play a significant role in the long-term fortunes of an individual firm as it contends with technological change in the marketplace. Accordingly, this model serves as a cue for management researchers to investigate more thoroughly the temporal limitations and contingencies that determine how the trust between firms may affect the R&D process.
Resumo:
In this paper we analyse the oursourcing of accounting services. The extent to which firms are currently outsourcing, or considering outsourcing such services, and the motivations and barriers associated with outsourcing are identified. Empirical data from a random sample of accounting firms are used in this analysis. Data indicate that the majority of accounting firms are either currently outsourcing or considering outsourcing and that they exopect the volume of oursourced services to increase. In contrast to the scholarly literature advocating labor arbitrage as the primary driver for organizations choosing to outsource, in this study it was found that the main factors underpinning the decision to outsource were the expediting of service delivary to clients, and to enable the firm to focus on its core competencies.
Resumo:
In the medical and healthcare arena, patients‟ data is not just their own personal history but also a valuable large dataset for finding solutions for diseases. While electronic medical records are becoming popular and are used in healthcare work places like hospitals, as well as insurance companies, and by major stakeholders such as physicians and their patients, the accessibility of such information should be dealt with in a way that preserves privacy and security. Thus, finding the best way to keep the data secure has become an important issue in the area of database security. Sensitive medical data should be encrypted in databases. There are many encryption/ decryption techniques and algorithms with regard to preserving privacy and security. Currently their performance is an important factor while the medical data is being managed in databases. Another important factor is that the stakeholders should decide more cost-effective ways to reduce the total cost of ownership. As an alternative, DAS (Data as Service) is a popular outsourcing model to satisfy the cost-effectiveness but it takes a consideration that the encryption/ decryption modules needs to be handled by trustworthy stakeholders. This research project is focusing on the query response times in a DAS model (AES-DAS) and analyses the comparison between the outsourcing model and the in-house model which incorporates Microsoft built-in encryption scheme in a SQL Server. This research project includes building a prototype of medical database schemas. There are 2 types of simulations to carry out the project. The first stage includes 6 databases in order to carry out simulations to measure the performance between plain-text, Microsoft built-in encryption and AES-DAS (Data as Service). Particularly, the AES-DAS incorporates implementations of symmetric key encryption such as AES (Advanced Encryption Standard) and a Bucket indexing processor using Bloom filter. The results are categorised such as character type, numeric type, range queries, range queries using Bucket Index and aggregate queries. The second stage takes the scalability test from 5K to 2560K records. The main result of these simulations is that particularly as an outsourcing model, AES-DAS using the Bucket index shows around 3.32 times faster than a normal AES-DAS under the 70 partitions and 10K record-sized databases. Retrieving Numeric typed data takes shorter time than Character typed data in AES-DAS. The aggregation query response time in AES-DAS is not as consistent as that in MS built-in encryption scheme. The scalability test shows that the DBMS reaches in a certain threshold; the query response time becomes rapidly slower. However, there is more to investigate in order to bring about other outcomes and to construct a secured EMR (Electronic Medical Record) more efficiently from these simulations.
Resumo:
Patient satisfaction with foodservices is multidimensional. It is well recognised that food and other aspects of foodservice delivery are important elements of patients overall perception of the hospital experience. This study aimed to determine whether menu changes in 2008 at an acute private hospital, considered negative by the dietetic staff, would affect patient satisfaction with the foodservice. Changes to the menu, secondary to the refurbishment of the foodservice facilities decreased the number of choices at breakfast from six to four, and altered the dessert menu to include a larger proportion of commercially produced products. The Acute Care Hospital Foodservice Patient Satisfaction Questionnaire (ACHFPSQ) was utilised to assess patient satisfaction with the menu changes, as it has proven accuracy and reliability in measuring patient satisfaction. Results of the survey (n=306) were compared to data with previous ACHFPSQ surveys conducted annually since 2003. Data analysed included overall foodservice satisfaction and four dimensions of foodservice satisfaction: food quality, meal service quality, staff/service issues and the physical environment. Satisfaction targets were set at 4 (scale 1–5) for each foodservice dimension. Analysis showed that despite changes to the menu, overall foodservice satisfaction rated high, with a score of 4.3. Eighty-six percent of patients rated the foodservice as either ‘very good’ or ‘good’. The four foodservice dimensions were rated highly (4.2–4.8). Findings were consistent with previous survey results, demonstrating a high level of patient satisfaction across all dimensions of the foodservice, despite changes to the menu. The annual ACHFPSQ was of value to this practice question.
Multi-level knowledge transfer in software development outsourcing projects : the agency theory view
Resumo:
In recent years, software development outsourcing has become even more complex. Outsourcing partner have begun‘re- outsourcing’ components of their projects to other outsourcing companies to minimize cost and gain efficiencies, creating a multi-level hierarchy of outsourcing. This research in progress paper presents preliminary findings of a study designed to understand knowledge transfer effectiveness of multi-level software development outsourcing projects. We conceptualize the SD-outsourcing entities using the Agency Theory. This study conceptualizes, operationalises and validates the concept of Knowledge Transfer as a three-phase multidimensional formative index of 1) Domain knowledge, 2) Communication behaviors, and 3) Clarity of requirements. Data analysis identified substantial, significant differences between the Principal and the Agent on two of the three constructs. Using Agency Theory, supported by preliminary findings, the paper also provides prescriptive guidelines of reducing the friction between the Principal and the Agent in multi-level software outsourcing.
Resumo:
Availability has become a primary goal of information security and is as significant as other goals, in particular, confidentiality and integrity. Maintaining availability of essential services on the public Internet is an increasingly difficult task in the presence of sophisticated attackers. Attackers may abuse limited computational resources of a service provider and thus managing computational costs is a key strategy for achieving the goal of availability. In this thesis we focus on cryptographic approaches for managing computational costs, in particular computational effort. We focus on two cryptographic techniques: computational puzzles in cryptographic protocols and secure outsourcing of cryptographic computations. This thesis contributes to the area of cryptographic protocols in the following ways. First we propose the most efficient puzzle scheme based on modular exponentiations which, unlike previous schemes of the same type, involves only a few modular multiplications for solution verification; our scheme is provably secure. We then introduce a new efficient gradual authentication protocol by integrating a puzzle into a specific signature scheme. Our software implementation results for the new authentication protocol show that our approach is more efficient and effective than the traditional RSA signature-based one and improves the DoSresilience of Secure Socket Layer (SSL) protocol, the most widely used security protocol on the Internet. Our next contributions are related to capturing a specific property that enables secure outsourcing of cryptographic tasks in partial-decryption. We formally define the property of (non-trivial) public verifiability for general encryption schemes, key encapsulation mechanisms (KEMs), and hybrid encryption schemes, encompassing public-key, identity-based, and tag-based encryption avors. We show that some generic transformations and concrete constructions enjoy this property and then present a new public-key encryption (PKE) scheme having this property and proof of security under the standard assumptions. Finally, we combine puzzles with PKE schemes for enabling delayed decryption in applications such as e-auctions and e-voting. For this we first introduce the notion of effort-release PKE (ER-PKE), encompassing the well-known timedrelease encryption and encapsulated key escrow techniques. We then present a security model for ER-PKE and a generic construction of ER-PKE complying with our security notion.
Resumo:
The main theme of this thesis is to allow the users of cloud services to outsource their data without the need to trust the cloud provider. The method is based on combining existing proof-of-storage schemes with distance-bounding protocols. Specifically, cloud customers will be able to verify the confidentiality, integrity, availability, fairness (or mutual non-repudiation), data freshness, geographic assurance and replication of their stored data directly, without having to rely on the word of the cloud provider.
Resumo:
The purpose of this paper is to provide an evolutionary perspective of cloud computing (CC) by integrating two previously disparate literatures: CC and information technology outsourcing (ITO). We review the literature and develop a framework that highlights the demand for the CC service, benefits, risks, as well as risk mitigation strategies that are likely to influence the success of the service. CC success in organisations and as a technology overall is a function of (i) the outsourcing decision and supplier selection, (ii) contractual and relational governance, and (iii) industry standards and legal framework. Whereas CC clients have little control over standards and/or the legal framework, they are able to influence other factors to maximize the benefits while limiting the risks. This paper provides guidelines for (potential) cloud computing users with respect to the outsourcing decision, vendor selection, service-level-agreements, and other issues that need to be addressed when opting for CC services. We contribute to the literature by providing an evolutionary and holistic view of CC that draws on the extensive literature and theory of ITO. We conclude the paper with a number of research paths that future researchers can follow to advance the knowledge in this field.
Resumo:
Outsourcing, or contracting-out as it is also known, is a prevalent business practice across all sectors of the economy. This entry will give a number of explanations about why organizations outsource, as well as a number of difficulties which may be encountered when outsourcing...
