3,095 research outputs found

    KCRS: A Blockchain-Based Key Compromise Resilient Signature System

    Digital signatures are widely used to assure authenticity and integrity of messages (including blockchain transactions). This assurance is based on the assumption that the private signing key is kept secret, which may be exposed or compromised without being detected in the real world. Many schemes have been proposed to mitigate this problem, but most schemes are not compatible with widely used digital signature standards and do not help detect private key exposures. In this paper, we propose a Key Compromise Resilient Signature (KCRS) system, which leverages blockchain to detect key compromises and mitigate the consequences. Our solution keeps a log of valid certificates and digital signatures that have been issued on the blockchain, which can deter the abuse of compromised private keys. Since the blockchain is an open system, KCRS also provides a privacy protection mechanism to prevent the public from learning the relationship between signatures. We present a theoretical framework for the security of the system and a provably-secure construction. We also implement a prototype of KCRS and conduct experiments to demonstrate its practicability.

    User experiences of TORPEDO: TOoltip-poweRed Phishing Email DetectiOn

    We propose a concept called TORPEDO to improve phish detection by providing just-in-time and just-in-place trustworthy tooltips. These help people to identify phish links embedded in emails. TORPEDO's tooltips contain the actual URL with the domain highlighted. Link activation is delayed for a short period, giving the person time to inspect the URL before they click on a link. Furthermore, TORPEDO provides an information diagram to explain phish detection. We evaluated TORPEDO's effectiveness, as compared to the worst case “status bar” as provided by other Web email interfaces. People using TORPEDO performed significantly better in detecting phishes and identifying legitimate emails (85.17% versus 43.31% correct answers for phish). We then carried out a field study with a number of TORPEDO users to explore actual user experiences of TORPEDO. We conclude the paper by reporting on the outcome of this field study and suggest improvements based on the feedback from the field study participants.

    Employee Perceptions of Fairness in Performance Appraisals and Job Satisfaction

    Business and management researchers have shown that performance appraisals have continued to remain a standard component of the human resource management (HRM) function and play an integral role in contributing to employee performance and job satisfaction levels. Recent researchers indicated that employees have continued to hold negative views about the degree of fairness and accuracy of appraisals, thus rendering the process a mere routine and periodic ritual detrimental to organizational efficiency and growth. The purpose of this study was to add to what is a paucity of data on perceptions of fairness of employees and examine the employee perceptions of fairness in performance appraisals related to job satisfaction. The conceptual framework for this study was rooted in organizational justice and motivational theory. Research questions examined the perceptions of employees of performance appraisals on job satisfaction. Qualitative data were collected in this multiple case study using face-to-face interviews of 20 participants. Data were organized, coded, and analyzed for emergent themes and patterns that aligned with the research questions. Research findings showed that employee perceptions of performance appraisals are critical and remain an invaluable component of the human resource function to benefit management executives and should include basic knowledge and employee input in the appraisal design and process. Implications for possible positive social change may include enhanced insights, knowledge, and understanding of the perceptions of performance appraisals that may enhance management decisions through fair, just, and accurate employee appraisals that will positively translate to job satisfaction

    Privacy in Voice-over-IP mitigating the risks at SIP intermediaries

    Telephony plays a fundamental role in our society. It enables remote parties to interact and express themselves over great distances. The telephone as a means of communicating has become part of everyday life. Organisations and industry are now looking at Voice over IP (VoIP) technologies. They want to take advantage of new and previously unavailable voice services. Various interested parties are seeking to leverage the emerging VoIP technology for more flexible and efficient communication between staff, clients and partners. VoIP is a recent innovation enabled by Next Generation Network (NGN). It provides and enables means of communication over a digital network, specifically the Internet. VoIP is gaining widespread adoption and will ultimately replace traditional telephony. The result of this trend is a ubiquitous, global and digital communication infrastructure. VoIP, however, still faces many challenges. It is not yet as reliable and dependable as the current Public Switched Telephone Network (PSTN). The employed communication protocols are immature with many security flaws and weaknesses. Session Initiation Protocol (SIP), a popular VoIP protocol, does not sufficiently protect a user's privacy. A user’s information is neither encrypted nor secured when calling a remote party. There is a lack of control over the information included in the SIP messages. Our specific concern is that private and sensitive information is exchanged over the public internet. This dissertation concerns itself with the communication path chosen by SIP when establishing a session with a remote party. In SIP, VoIP calls are established over unknown and untrusted intermediaries to reach the desired party. We analyse the SIP headers to determine the information leakage at each chosen intermediary. Our concerns for possible breach of privacy when using SIP were confirmed by the findings. A user’s privacy can be compromised through the extraction of explicit private details reflected in SIP headers. It is further possible to profile the user and determine communication habits from implicit time, location and device information. Our research proposes enhancements to SIP. Each intermediary must digitally sign over the SIP headers ensuring the communication path was not altered. These signatures are added sequentially creating a chain of certified intermediaries. Our enhancements to SIP do not seek to encrypt the headers, but to use these intermediary signatures to reduce the risk of information leakage. We created a model of our proposed enhancements for attaching signatures at each intermediary. The model also provides a means of identifying unknown or malicious intermediaries prior to establishing a SIP session. Finally, the model was specified in Z notation. The Z specification language was well suited to accurately and precisely represent our model. This formal notation was adopted to specify the types, states and model behaviour. The specification was validated using the Z type-checker ZTC. Dissertation (MSc)--University of Pretoria, 2010. Computer Science.

    Web3.0 Security: Privacy Enhancing and Anonym Auditing in Blockchain-based Structures

    The advent of Web 3.0, underpinned by blockchain technologies, promises to transform the internet's landscape by empowering individuals with decentralized control over their data. However, this evolution brings unique security challenges that need to be addressed. This paper explores these complexities, focusing on enhancing privacy and anonymous auditing within blockchain structures. We present the architecture of Web 3.0 based on the blockchain, providing a clear perspective on its workflow and security mechanisms. A security protocol for Web 3.0 systems, employing privacy-preserving techniques and anonymous auditing during runtime, is proposed. Key components of our solution include the integration of privacy-enhancing techniques and the utilization of Tor for anonymous auditing. We discuss related work and propose a framework that meets these new security requirements. Lastly, we offer an evaluation and comparison of our model to existing methods. This research contributes towards the foundational understanding of Web 3.0's secure structure and offers a pathway towards secure and privacy-preserving digital interactions in this novel internet landscape.

    Exploring Strategies for Successful Implementation of Electronic Health Records

    Adoption of electronic health records (EHR) systems in nonfederal acute care hospitals has increased, with adoption rates across the United States reaching as high as 94%. Of the 330 plus acute care hospital EHR implementations in Texas, only 31% have completed attestation to Stage 2 of the meaningful use (MU) criteria. The purpose of this multiple case study was to explore strategies that hospital chief information officers (CIOs) used for the successful implementation of EHR. The target population consists of 3 hospital CIOs from a multi-county region in North Central Texas who successfully implemented EHRs meeting Stage 2 MU criteria. The conceptual framework for this research was the technology acceptance model theory. The data were collected through semistructured interviews, member checking, review of the literature on the topic, and publicly available documents on the respective hospital websites. Using methodological triangulation of the data, 4 themes emerged from data analysis: EHR implementation strategies, overcoming resistance to technology acceptance, strategic alignment, and patient wellbeing. Participants identified implementation teams and informatics teams as a primary strategy for obtaining user engagement, ownership, and establishing a culture of acceptance to the technological changes. The application of the findings may contribute to social change by identifying the strategies hospital CIOs used for successful implementation of EHRs. Successful EHR implementation might provide positive social change by improving the quality of patient care, patient safety, security of personal health information, lowering health care cost, and improvements in the overall health of the general population.