179,660 research outputs found

    Simulatable security for quantum protocols

    The notion of simulatable security (reactive simulatability, universal composability) is a powerful tool for allowing the modular design of cryptographic protocols (composition of protocols) and showing the security of a given protocol embedded in a larger one. Recently, these methods have received much attention in the quantum cryptographic community. We give a short introduction to simulatable security in general and proceed by sketching the many different definitional choices together with their advantages and disadvantages. Based on the reactive simulatability modelling of Backes, Pfitzmann and Waidner we then develop a quantum security model. By following the BPW modelling as closely as possible, we show that composable quantum security definitions for quantum protocols can strongly profit from their classical counterparts, since most of the definitional choices in the modelling are independent of the underlying machine model. In particular, we give a proof for the simple composition theorem in our framework. Comment: Added proof of combination lemma; added comparison to the model of Ben-Or, Mayers; minor correction

    Evaluation of Airport Security Training Programs: Perspectives and Issues

    While many governments and airport operators have emphasized the importance of security training and committed a large amount of budget to security training programs, the implementation of security training programs was not proactive but reactive. Moreover, most of the security training programs were employed as a demand or a trend-chasing activity from the government. In order to identify issues in airport security training and to develop desirable security training procedures in an airport, this preliminary study aims at providing (1) the description of current state of airport security training and training in general, (2) the study design and interview guide for studying airport security training, and (3) expected outcome from the study.

    Strategic interests and Australian grand strategy

    The newly-released National Security Strategy provides good coverage of broad security issues, but could have given a more expansive worldview. Previous Defence White Papers have shown our approach to national security interests has been narrow and reactive rather than broad and proactive. This four-page report suggests there are ways to avoid the trap that strategic interests and objectives are all about the use of force and to move to an Australian grand strategy.

    Building in web application security at the requirements stage : a tool for visualizing and evaluating security trade-offs : a thesis presented in partial fulfilment of the requirements for the degree of Master of Information Science in Information Systems at Massey University, Albany, New Zealand

    One dimension of Internet security is web application security. The purpose of this Design-science study was to design, build and evaluate a computer-based tool to support security vulnerability and risk assessment in the early stages of web application design. The tool facilitates risk assessment by managers and helps developers to model security requirements using an interactive tree diagram. The tool calculates residual risk for each component of a web application and for the application overall so developers are provided with better information for making decisions about which countermeasures to implement given limited resources for doing so. The tool supports taking a proactive approach to building in web application security at the requirements stage as opposed to the more common reactive approach of putting countermeasures in place after an attack and loss have been incurred. The primary contribution of the proposed tool is its ability to make known security-related information (e.g. known vulnerabilities, attacks and countermeasures) more accessible to developers who are not security experts and to translate lack of security measures into an understandable measure of relative residual risk. The latter is useful for managers who need to prioritize security spending. Keywords: web application security, security requirements modelling, attack trees, threat trees, risk assessment

    Control-Related Motivations and Information Security Policy Compliance: The Effect of Reflective and Reactive Autonomy

    Employees’ failures to follow information security policy can be costly to organizations. Organizations implement security controls in order to motivate employees. Many control-related motivations have been explored in information security research (e.g., self-efficacy and behavioral control); however, self-determination has yet to receive attention. Self-determination theory is widely used in other fields to explain intrinsically driven performance. This paper examines the effect self-determination—conceptualized as reflective autonomy, and psychological reactance—conceptualized as reactive autonomy have on employees’ intentions to comply with security policy. Reflective and reactive autonomy offer complementary yet opposite conceptualizations of autonomy, offering a more holistic view of control-related motivation. We find that both reflective and reactive autonomy affect information security policy compliance intentions. Reflective autonomy increases and reactive autonomy decreases compliance intentions. Managers should become aware of the way employees view security controls in order to develop controls that maximize reflective autonomy and minimize reactive autonomy in employees.

    Beck and beyond: Selling security in the world risk society

    ©2010 British International Studies Association. Expanding on the works of Beck and others on the growing business of risk, this article examines the role of the private security industry in the creation, management and perpetuation of the world risk society. It observes that the replacement of the concept of security with risk over the past decades has permitted private firms to identify a growing range of unknown and unknown-unknown dangers which cannot be eliminated, but require permanent risk management. Using the discourse of risk and its strategies of commercialised, individualised and reactive risk management, the private risk industry thus has contributed to the rise of a world risk society in which the demand for security can never be satisfied and guarantees continuous profits.

    A Survey on Wireless Security: Technical Challenges, Recent Advances and Future Trends

    This paper examines the security vulnerabilities and threats imposed by the inherent open nature of wireless communications and to devise efficient defense mechanisms for improving the wireless network security. We first summarize the security requirements of wireless networks, including their authenticity, confidentiality, integrity and availability issues. Next, a comprehensive overview of security attacks encountered in wireless networks is presented in view of the network protocol architecture, where the potential security threats are discussed at each protocol layer. We also provide a survey of the existing security protocols and algorithms that are adopted in the existing wireless network standards, such as the Bluetooth, Wi-Fi, WiMAX, and the long-term evolution (LTE) systems. Then, we discuss the state-of-the-art in physical-layer security, which is an emerging technique of securing the open communications environment against eavesdropping attacks at the physical layer. We also introduce the family of various jamming attacks and their counter-measures, including the constant jammer, intermittent jammer, reactive jammer, adaptive jammer and intelligent jammer. Additionally, we discuss the integration of physical-layer security into existing authentication and cryptography mechanisms for further securing wireless networks. Finally, some technical challenges which remain unresolved at the time of writing are summarized and the future trends in wireless security are discussed. Comment: 36 pages. Accepted to Appear in Proceedings of the IEEE, 201