351 research outputs found

    Privacy-Preserving Verifiability: A Case for an Electronic Exam Protocol

    We introduce the notion of privacy-preserving verifiability for security protocols. It holds when a protocol admits a verifiability test that does not reveal, to the verifier that runs it, more pieces of information about the protocol’s execution than those required to run the test. Our definition of privacy-preserving verifiability is general and applies to cryptographic protocols as well as to human security protocols. In this paper we exemplify it in the domain of e-exams. We prove that the notion is meaningful by studying an existing exam protocol that is verifiable but whose verifiability tests are not privacy-preserving. We prove that the notion is applicable: we review the protocol using functional encryption so that it admits a verifiability test that preserves privacy to our definition. We analyse, in ProVerif, that the verifiability holds despite malicious parties and that the new protocol maintains all the security properties of the original protocol, so proving that our privacy-preserving verifiability can be achieved starting from existing security

    Automated Verification of Exam, Cash, Reputation, and Routing Protocols

    Security is a crucial requirement in the applications based on information and communication technology, especially when an open network such as the Internet is used. To ensure security in such applications cryptographic protocols have been used. However, the design of security protocols is notoriously difficult and error-prone. Several flaws have been found on protocols that are claimed secure. Hence, cryptographic protocols must be verified before they are used. One approach to verify cryptographic protocols is the use of formal methods, which have achieved many results in recent years. Formal methods concern the analysis of protocol specifications modeled using, e.g., dedicated logics, or process algebras. Formal methods can find flaws or prove that a protocol is secure under the "perfect cryptographic assumption" with respect to given security properties. However, they abstract away from implementation errors and side-channel attacks. In order to detect such errors and attacks, runtime verification can be used to analyze system or protocol executions. Moreover, runtime verification can help in the cases where formal procedures have exponential time or suffer from termination problems. In this thesis we contribute to cryptographic protocol verification with an emphasis on formal verification and automation. Firstly, we study exam protocols. We propose formal definitions for several authentication and privacy properties in the Applied Pi-Calculus. We also provide abstract definitions of verifiability properties. We analyze all these properties automatically using ProVerif on multiple case studies, and identify several flaws. Moreover, we propose several monitors to check exam requirements at runtime. These monitors are validated by analyzing real exam executions using the MARQ Java-based tool. Secondly, we propose a formal framework to verify the security properties of non-transferable electronic cash protocols. We define client privacy and forgery-related properties. Again, we illustrate our model by analyzing three case studies using ProVerif, and confirm several known attacks. Thirdly, we propose formal definitions of authentication, privacy, and verifiability properties of electronic reputation protocols. We discuss the proposed definitions, with the help of ProVerif, on a simple reputation protocol. Finally, we obtain a reduction result to verify route validity of ad-hoc routing protocols in presence of multiple independent attackers that do not share their knowledge

    Decisions under Uncertainty in Decentralized Online Markets: Empirical Studies of Peer-to-Peer Lending and Outsourcing

    Recent developments in information technologies, especially Web 2.0 technologies, have radically transformed many markets through disintermediation and decentralization. Lower barriers of entry in these markets enable small firms and individuals to engage in transactions that were otherwise impossible. Yet, the issues of informational asymmetry that plague traditional markets still arise, only to be exacerbated by the "virtual" nature of these marketplaces. The three essays of my dissertation empirically examine how participants, many of whom are entrepreneurs, tackle the issue of asymmetric information to derive benefits from trade in two different contexts. In Essay 1, I investigate the role of online social networks in mitigating information asymmetry in an online peer-to-peer lending market, and find that the relational dimensions of these networks are especially effective for this purpose. In Essay 2, I exploit a natural experiment in the same marketplace to study the effect of shared geographical ties on investor decisions, and find that "home bias" is not only robust but also has an interesting interaction pattern with rational decision criteria. In Essay 3, I study how the emergence of new contract forms, enabled by new monitoring technologies, changes the effectiveness of traditional signals that affect a buyer's choice of sellers in online outsourcing. Using a matched-sample approach, I show that the effectiveness of online ratings and certifications differs under pay-for-time contracts versus pay-for-deliverable contracts. In all, the three essays of my dissertation present new empirical evidence of how agents leverage various network ties, signals and incentives to facilitate transactions in decentralized online markets, form transactional ties, and reap the benefits enabled by the transformative power of information technologies

    Usability and verifiability of secure features for authenticating identity

    Almost all financial transactions and personal data are nowadays online. A world with easy access to data and finances simplifies everyday life. Matters can be handled at ease wherever there is an internet connection. Contacting others can be done in ways unimaginable a decade or two ago. Instant messaging apps and video meetings bring the whole world close when working. If an end user finds something hard to handle they start sabotaging it with their personal behavior. They use less secure methods to keep their data secure because it is more convenient. The world of software security is a balancing act between designing features secure enough and being able to verify the functionality of secure features against malicious attackers and making secure features usable. Usability improves the chances that the end user complies with the use of everyday security. Designing features secure enough to fight against malicious attackers has gained too large a proportion of the effort. According to literature reviewed in this thesis, usability of the secure features has not been seen as a priority. This thesis examines usability and verifiability of secure features and methods. It is important to study the usability in this context, as better usability will allow secure features to appeal to a larger end user base, adding to the overall security. It will go through typical authentication methods and assess their usability based on literature about usability and everyday observations. It follows a high-level approach to secure features to be able to see what an end user encounters when using secure features. This is done to better evaluate the usability of the features, especially when specifications are not fully available. The thesis also introduces a formal testing process structure that can be used as a guideline in planning and executing tests for any software feature. Helpful toolsets to aid in creating functional test environments and support functions are presented. The thesis introduces different kinds of existing and future methods that will make security and usability of the authentication methods better

    Opportunities and Challenges for ChatGPT and Large Language Models in Biomedicine and Health

    ChatGPT has drawn considerable attention from both the general public and domain experts with its remarkable text generation capabilities. This has subsequently led to the emergence of diverse applications in the field of biomedicine and health. In this work, we examine the diverse applications of large language models (LLMs), such as ChatGPT, in biomedicine and health. Specifically, we explore the areas of biomedical information retrieval, question answering, medical text summarization, information extraction, and medical education, and investigate whether LLMs possess the transformative power to revolutionize these tasks or whether the distinct complexities of the biomedical domain present unique challenges. Following an extensive literature survey, we find that significant advances have been made in the field of text generation tasks, surpassing the previous state-of-the-art methods. For other applications, the advances have been modest. Overall, LLMs have not yet revolutionized biomedicine, but recent rapid progress indicates that such methods hold great potential to provide valuable means for accelerating discovery and improving health. We also find that the use of LLMs, like ChatGPT, in the fields of biomedicine and health entails various risks and challenges, including fabricated information in its generated responses, as well as legal and privacy concerns associated with sensitive patient data. We believe this first-of-its-kind survey can provide a comprehensive overview to biomedical researchers and healthcare practitioners on the opportunities and challenges associated with using ChatGPT and other LLMs for transforming biomedicine and health

    Exploring the construction of verifiable evidence in a technology-mediated competency assessment environment according to the experiences of accounting professionals.

    This thesis explores the mediating role of technologies within the initial professional development (IPD) competency assessment environment of aspiring professional accountants. It proposes that professional competency is transient, ambiguous and complex. Professional competency is conceptualised as a set of morally orienting practices, understandings and personal characteristics. The study establishes that professional competency is currently assessed via several different specific structures and contexts. These contexts are conceptualised using Nardi & O’Day’s (1999) concept of information ecology, which is mediated by assessees, assessors, evidence & technologies. One of the specific structures within the information ecology is the ‘profession context.’ It is here that professional accounting operates. There are also broader corporate structures operating within which accountancy is integrated with other organisation functions. Broader still are the social contexts in which corporations themselves operate. Although these contexts cannot be artificially separated, the thesis proposes that professional accounting bodies should take control of the ‘profession context.’ It is proposed that verifiable evidence should be assessed within the profession context to “corroborate” assertions of competency made by assessees/assessors. The mediating role of technology within the information ecology is often dynamic, emotive and sensory and moves between hermeneutic, embodiment and alterity relations. The inter-relations of technology with agents within the information ecology are often recursive, but nonetheless often involve a negotiation of power. The mediation of technology within the information ecology enables the integration of simulated and real assessment environments within which verifiable evidence can be constructed. This approach advocates that successful accomplishment of performance is determined using responsible pedagogy principles. This means the development of critical thinking, education and self-awareness through assessment that is authentic and action based. The purpose of this approach is to develop aspiring professional accountants who embody the behaviours, attitudes, values, dispositions expected of responsible, respectful professionals who protect the public interest

    The Science of Detecting LLM-Generated Texts

    The emergence of large language models (LLMs) has resulted in the production of LLM-generated texts that are highly sophisticated and almost indistinguishable from texts written by humans. However, this has also sparked concerns about the potential misuse of such texts, such as spreading misinformation and causing disruptions in the education system. Although many detection approaches have been proposed, a comprehensive understanding of the achievements and challenges is still lacking. This survey aims to provide an overview of existing LLM-generated text detection techniques and enhance the control and regulation of language generation models. Furthermore, we emphasize crucial considerations for future research, including the development of comprehensive evaluation metrics and the threat posed by open-source LLMs, to drive progress in the area of LLM-generated text detection

    Assessment Technologies Institute Test Results and Blended Experiences for Senior Community Health Nursing Students

    The purpose of the study was to examine the relationship between senior community health nursing students’ ATI test scores and their clinical community health nursing experiences, either in-country or out-of-country. The ATI test results are a reliable predictor of whether the student will pass their nursing board exams (NCLEX-RN). The study also examined whether the two groups of students reported any similarities and differences in their sense of confidence or transcultural self-efficacy and conceptual knowledge and their clinical experiences. ATI test scores were reviewed for the two groups. Focus groups were held to discuss any similarities or differences in the students’ community health nursing experiences. Cultural competency was evaluated using Jeffreys’ (2016) Transcultural Self-Efficacy Tool

    Election Verifiability: Cryptographic Definitions and an Analysis of Helios, Helios-C, and JCJ

    Election verifiability is defined in the computational model of cryptography. The definition formalizes notions of voters verifying their own votes, auditors verifying the tally of votes, and auditors verifying that only eligible voters vote. The Helios (Adida et al., 2009), Helios-C (Cortier et al., 2014) and JCJ (Juels et al., 2010) election schemes are analyzed using the definition. Neither Helios nor Helios-C satisfy the definition because they do not ensure that recorded ballots are tallied in certain cases when the adversary posts malicious material on the bulletin board. A variant of Helios is proposed and shown to satisfy the definition. JCJ similarly does not ensure that recorded ballots are tallied in certain cases. Moreover, JCJ does not ensure that only eligible voters vote, due to a trust assumption it makes. A variant of JCJ is proposed and shown to satisfy a weakened definition that incorporates the trust assumption. Previous definitions of verifiability (Juels et al., 2010; Cortier et al., 2014; Kiayias et al., 2015) and definitions of global verifiability (Kuesters et al., 2010; Cortier et al., 2016) are shown to permit election schemes vulnerable to attacks, whereas the new definition prohibits those schemes. And a relationship between the new definition and a variant of global verifiability is shown

    The Impact of Disruptive Technologies in Finance and Accounting: A Systematic Literature Review

    Dissertation presented as the partial requirement for obtaining a Master's degree in Information Management, specialization in Knowledge Management and Business Intelligence. The digital transition era, marked by a strong evolution of Information Technologies, and its massive expansion towards all products, services, and sectors, has changed all known methods for carrying out and conducting all sorts of professional practices. Within the scope of accounting activities and transactions related to accounting, various tasks have started to be automatized with the help of Artificial Intelligence and Machine Learning. Hence, no longer existing the need of spending time on some of the repetitive day-to-day tasks, professionals in these areas will have more time and freedom to perform predictive business analysis, to collect and report financial data, which will most likely become vital to assist decision-making and possible attraction of new investments. As such, there is a clear link between accounting and the emergence of disruptive technologies, which indicates an interesting research area for accounting information systems researchers. What is the impact of disruptive technologies in accounting practices? What is the role played by accountants to work alongside their digital colleagues? What are the skills that accountants may have to be future proof in an ever-changing digital environment? This dissertation aims to answer these questions by following a qualitative and exploratory approach, through a systematic literature review. The analysis reveals that the impact of disruptive technologies in finance and accounting can be summarized in four main domains, Strategic Management, Technology Innovation, Business Acumen and Operations and Accounting Provision. We review the content of recent academic literature regarding the relationship between disruptive technologies and accounting and highlight research gaps and opportunities for future research