88,545 research outputs found

    Keys in the Clouds: Auditable Multi-device Access to Cryptographic Credentials

    Personal cryptographic keys are the foundation of many secure services, but storing these keys securely is a challenge, especially if they are used from multiple devices. Storing keys in a centralized location, like an Internet-accessible server, raises serious security concerns (e.g. server compromise). Hardware-based Trusted Execution Environments (TEEs) are a well-known solution for protecting sensitive data in untrusted environments, and are now becoming available on commodity server platforms. Although the idea of protecting keys using a server-side TEE is straightforward, in this paper we validate this approach and show that it enables new desirable functionality. We describe the design, implementation, and evaluation of a TEE-based Cloud Key Store (CKS), an online service for securely generating, storing, and using personal cryptographic keys. Using remote attestation, users receive strong assurance about the behaviour of the CKS, and can authenticate themselves using passwords while avoiding typical risks of password-based authentication like password theft or phishing. In addition, this design allows users to i) define policy-based access controls for keys; ii) delegate keys to other CKS users for a specified time and/or a limited number of uses; and iii) audit all key usages via a secure audit log. We have implemented a proof of concept CKS using Intel SGX and integrated this into GnuPG on Linux and OpenKeychain on Android. Our CKS implementation performs approximately 6,000 signature operations per second on a single desktop PC. The latency is in the same order of magnitude as using locally-stored keys, and 20x faster than smart cards. Comment: Extended version of a paper to appear in the 3rd Workshop on Security, Privacy, and Identity Management in the Cloud (SECPID) 201

    Designated auditing agency handbook: Ministry of Health auditor handbook (revised 2015)

    Introduction: This handbook outlines the Ministry of Health's requirements of designated auditing agencies for auditing and audit reporting for the certification of health care services under the Health and Disability Services (Safety) Act 2001. The handbook also gives providers of health care services a guide to specific requirements for various types of audits.

    Understanding Power-related Strategies and Initiatives: The Case of the European Commission Green Paper on CSR

    Purpose: The purpose of this paper is to provide a theoretically informed analysis of a struggle for power over the regulation of corporate social responsibility (CSR) and social and environmental accounting and reporting (SEAR) within the European Union. Design/methodology/approach: The paper combines insights from institutional theory (Lawrence and Buchanan, 2017) with Vaara et al.’s (2006) and Vaara and Tienar’s (2008) discursive strategies approach in order to interrogate the dynamics of the institutional “arena” that emerged in 2001, following the European Commission’s publication of a Green Paper (GP) on CSR policy and reporting. Drawing on multiple sources of data (including newspaper coverage, semi-structured interviews and written submissions by companies and NGOs), the authors analyse the institutional political strategies employed by companies and NGOs – two of the key stakeholder groupings who sought to influence the dynamics and outcome of the European initiative. Findings: The results show that the 2001 GP was a “triggering event” (Hoffman, 1999) that led to the formation of the institutional arena that centred on whether CSR policy and reporting should be voluntary or mandatory. The findings highlight how two separate, but related forms of power (systemic and episodic power) were exercised much more effectively by companies compared to NGOs. The analysis of the power initiatives and discursive strategies deployed in the arena provides a theoretically informed understanding of the ways in which companies acted in concert to reach their objective of maintaining CSR and SEAR as a voluntary activity. Originality/value: The theoretical framework outlined in the paper highlights how the analysis of CSR and SEAR regulation can be enriched by examining the deployment of episodic and systemic power by relevant actors. Postprint. Peer reviewe

    Privacy in an Ambient World

    Privacy is a prime concern in today's information society. To protect the privacy of individuals, enterprises must follow certain privacy practices, while collecting or processing personal data. In this chapter we look at the setting where an enterprise collects private data on its website, processes it inside the enterprise and shares it with partner enterprises. In particular, we analyse three different privacy systems that can be used in the different stages of this lifecycle. One of them is the Audit Logic, recently introduced, which can be used to keep data private when it travels across enterprise boundaries. We conclude with an analysis of the features and shortcomings of these systems.

    Credible Communication in Dynastic Government

    This paper examines the mechanics of intertemporal information provision in dynastic governments. It has been suggested that "horizontal accountability," i.e., a system of governance where auditing functions lie outside the executive branch, can ensure credible disclosure of information. The results here suggest a cautious approach to that view. Government is modelled as a dynastic sequence of regimes. Each regime rules for one period, chooses an expenditure level, then relinquishes power to its successor. When information about past policy choices comes exclusively from the reports of previous regimes, each regime has an incentive to choose its (suboptimal) one shot expenditure policy, and then misrepresent its choice to its successor. I examine the credible communication equilibria taking into account the reporting incentives of an auditor who can independently verify the information each period. In an environment where "liberal" (i.e., those preferring larger government expenditures) and "conservative" (those preferring smaller expenditures) regimes and auditors evolve over time, it is shown that: "conservative" ("liberal") auditors are not credible when the current regime is also "conservative" ("liberal"). Moreover, because information transmission stops when the auditor's and the regime's biases coincide, effective deterrents even in the "good" periods (when the auditor's and the regime's biases differ) are difficult to construct. In all periods the equilibrium requirement of auditor neutrality constrains the dynamic incentives for efficient policy choices. The main result shows that these constraints typically bind away from optimal policies in standard constructions of equilibrium. Keywords: dynastic government, dynamic policy bias, auditor neutrality, credible communication.