OPTIMAL ONLINE BANKING SECURITY CONFIGURATION UNDER BURDEN OF PROOF

Against the threat of online banking theft, governments are imposing two different types of legal schemes: strict liability and negligence. Countries like the U.S. are imposing strict liability on online banking transactions to ensure that service providers like banks take more care. However, under strict liability banks does not provide adequate client security measures. Countries like Korea are imposing burden of proof on online banking transactions to ensure that general public take more care and reduce burden of accident prevention on banks. However, under burden of proof service providers are developing and providing excessive number of client security measures for their users. In each legal regime online banking security configurations are not consistent with the original intention of the related liability scheme. This paper investigates using microeconomic models how unique characteristics of information technology changed traditional working mechanism of the liability scheme with microeconomic models and it also provides practical implications for managers

System Engineering for J-2X Development: The Simpler, the Better

The Ares I and Ares V Vehicles will utilize the J-2X rocket engine developed for NASA by the Pratt and Whitney Rocketdyne Company (PWR) as the upper stage engine (USE). The J-2X is an improved higher power version of the original J-2 engine used for Apollo. System Engineering (SE) facilitates direct and open discussions of issues and problems. This simple idea is often overlooked in large, complex engineering development programs. Definition and distribution of requirements from the engine level to the component level is controlled by Allocation Reports which breaks down numerical design objectives (weight, reliability, etc.) into quanta goals for each component area. Linked databases of design and verification requirements help eliminate redundancy and potential mistakes inherent in separated systems. Another tool, the Architecture Design Description (ADD), is used to control J-2X system architecture and effectively communicate configuration changes to those involved in the design process. But the proof of an effective process is in successful program accomplishment. SE is the methodology being used to meet the challenge of completing J-2X engine certification 2 years ahead of any engine program ever developed at PWR. This paper describes the simple, better SE tools and techniques used to achieve this success

Regulating Cryptocurrencies in the International Insolvency Law

In the last few years, the world has witnessed a fast expansion of bitcoin and other cryptocurrencies. From being mostly associated with criminal activity in their earliest years, cryptocurrencies have now taken a step into the legal business markets. The increased use of cryptocurrencies in business and commercial transactions entails that their appearance in the insolvency proceedings can be expected in a foreseeable future. However, the fast development of cryptocurrencies means that the current regulatory frameworks around the world have not kept up with the changes, which is especially noticeable in international situations. The continuous growth of cryptocurrencies and their value indicate that they will become very interesting for insolvency practitioners in the future, but the lack of regulation and case law within this field raises the question of how they will and should be treated. While cryptocurrencies continue to find their place in modern society, whether and to what extent they should be regulated in the international insolvency law is a vastly approaching issue. This thesis discusses the possibility of regulating cryptocurrencies on the international level of the insolvency law by examining firstly, the different risks and issues that the cryptocurrencies will give rise to in the insolvency law and insolvency proceedings with a special focus on jurisdiction, secondly, the current regulatory frameworks and principles on international and European Union level and lastly, the possibilities of regulation through both soft law and hard law in order to create a way to approach these problems. The possibility of regulation will be discussed in a multidisciplinary light, with the principles of international financial law as well as the nature of blockchain-based technology taken into consideration. The aim of the thesis is not to come up with a specific course of action, but rather to enlighten the most prominent pros and cons of different possibilities. The potential ways of regulation brought up in the thesis are the use of blockchain technology itself, amendment of existing legal frameworks, the use of regulatory sandboxes and a new legal framework.Viime vuosina maailma on todistanut bitcoinin ja muiden kryptovaluuttojen nopean laajentumisen. Kryptovaluutat yhdistettiin alkuaikoina usein rikollisiin tarkoituksiin, mutta lähivuosina kryptovaluutat ovat siirtyneet myös laillisille liiketoimintamarkkinoille. Kryptovaluuttojen käytön lisääntyminen markkinoilla ja kaupallisissa liiketoimissa tarkoittaa, että niiden ilmeneminen maksukyvyttömyysmenettelyissä on lähitulevaisuudessa odotettavaa. Kryptovaluuttojen nopea kehitys tarkoittaa kuitenkin sitä, että nykyinen sääntely ei ole pysynyt muutosten mukana, mikä on erityisesti havaittavissa kansainvälisissä tapauksissa. Kryptovaluuttojen jatkuva kasvu sekä niiden arvo markkinoilla osoittaa, että ne tulevat tulevaisuudessa olemaan mielenkiintoinen osa insolvenssioikeuden asiantuntijoiden työtehtäviä. Mutta sääntelyn sekä oikeuskäytännön puute herättää kuitenkin kysymyksiä siitä, miten kryptovaluuttojen kanssa tulisi toimia. Kryptovaluutat etsivät jatkuvasti paikkaansa nykyaikaisessa yhteiskunnassa, mutta kysymys siitä, miten niitä pitäisi säännellä kansainvälisessä insolvenssioikeudessa ja missä laajudessa, on nopeasti lähestyvä haaste. Tässä opinnäytetyössä keskustellaan mahdollisuudesta säännellä kryptovaluuttoja insolvenssioikeuden kansainvälisellä tasolla tutkimalla ensinnäkin erilaisia riskejä ja ongelmia, joita kryptovaluutat aiheuttavat insolvenssioikeudessa ja maksukyvyttömyysmenettelyissä kiinnittäen erityistä huomiota lainkäyttövaltaan. Tämän lisäksi tutkitaan insolvenssioikeuden nykyisiä laillisia kehyksiä ja periaatteita kansainvälisellä ja Euroopan Unionin tasolla. Viimeiseksi pohditaan sääntelymahdollisuuksia sekä sitovalla että ei-sitovalla sääntelyllä luomalla tapaa lähestyä niitä haasteita, jotka kryptovaluutat aiheuttavat. Sääntelymahdollisuudesta keskustellaan monialaisessa valossa, ottaen huomioon kansainvälisen finanssioikeuden periaatteet sekä blockchain-teknologian luonteen. Opinnäytetyön tarkoituksena ei ole keksiä tiettyä toimintatapaa, vaan valaista eri mahdollisuuksien hyötyjä ja haittoja. Opinnäytetyössä esiin tuodut mahdolliset sääntelytavat ovat blockchain-teknologian käyttäminen, olemassa olevien laillisten kehysten muuttaminen, sääntelyn hiekkalaatikoiden käyttäminen sekä uusi oikeudellinen kehys

Extension and hardware implementation of the comprehensive integrated security system concept

Merged with duplicate record (10026.1/700) on 03.01.2017 by CS (TIS)This is a digitised version of a thesis that was deposited in the University Library. If you are the author please contact PEARL Admin ([email protected]) to discuss options.The current strategy to computer networking is to increase the accessibility that legitimate users have to their respective systems and to distribute functionality. This creates a more efficient working environment, users may work from home, organisations can make better use of their computing power. Unfortunately, a side effect of opening up computer systems and placing them on potentially global networks is that they face increased threats from uncontrolled access points, and from eavesdroppers listening to the data communicated between systems. Along with these increased threats the traditional ones such as disgruntled employees, malicious software, and accidental damage must still be countered. A comprehensive integrated security system ( CISS ) has been developed to provide security within the Open Systems Interconnection (OSI) and Open Distributed Processing (ODP) environments. The research described in this thesis investigates alternative methods for its implementation and its optimisation through partial implementation within hardware and software and the investigation of mechanismsto improve its security. A new deployment strategy for CISS is described where functionality is divided amongst computing platforms of increasing capability within a security domain. Definitions are given of a: local security unit, that provides terminal security; local security servers that serve the local security units and domain management centres that provide security service coordination within a domain. New hardware that provides RSA and DES functionality capable of being connected to Sun microsystems is detailed. The board can be used as a basic building block of CISS, providing fast cryptographic facilities, or in isolation for discrete cryptographic services. Software written for UNIX in C/C++ is described, which provides optimised security mechanisms on computer systems that do not have SBus connectivity. A new identification/authentication mechanism is investigated that can be added to existing systems with the potential for extension into a real time supervision scenario. The mechanism uses keystroke analysis through the application of neural networks and genetic algorithms and has produced very encouraging results. Finally, a new conceptual model for intrusion detection capable of dealing with real time and historical evaluation is discussed, which further enhances the CISS concept

Automatically Verified Mechanized Proof of One-Encryption Key Exchange

We present a mechanized proof of the password-based protocol One-Encryption Key Exchange (OEKE) using the computationally-sound protocol prover CryptoVerif. OEKE is a non-trivial protocol, and thus mechanizing its proof provides additional confidence that it is correct. This case study was also an opportunity to implement several important extensions of CryptoVerif, useful for proving many other protocols. We have indeed extended CryptoVerif to support the computational Diffie-Hellman assumption. We have also added support for proofs that rely on Shoup\u27s lemma and additional game transformations. In particular, it is now possible to insert case distinctions manually and to merge cases that no longer need to be distinguished. Eventually, some improvements have been added on the computation of the probability bounds for attacks, providing better reductions. In particular, we improve over the standard computation of probabilities when Shoup\u27s lemma is used, which allows us to improve the bound given in a previous manual proof of OEKE, and to show that the adversary can test at most one password per session of the protocol. In this paper, we present these extensions, with their application to the proof of OEKE. All steps of the proof are verified by CryptoVerif. This document is an updated version of a report from 2012. In the 10 years between 2012 and 2022, CryptoVerif has made a lot of progress. In particular, the probability bound obtained by CryptoVerif for OEKE has been improved, reaching an almost optimal probability: only statistical terms corresponding to collisions between group elements or between hashes are overestimated by a small constant factor