Attacking Group Protocols by Refuting Incorrect Inductive Conjectures

Automated tools for finding attacks on flawed security protocols often fail to deal adequately with group protocols. This is because the abstractions made to improve performance on fixed 2 or 3 party protocols either preclude the modelling of group protocols all together, or permit modelling only in a fixed scenario, which can prevent attacks from being discovered. This paper describes Coral, a tool for finding counterexamples to incorrect inductive conjectures, which we have used to model protocols for both group key agreement and group key management, without any restrictions on the scenario. We will show how we used Coral to discover 6 previously unknown attacks on 3 group protocols

A Peered Bulletin Board for Robust Use in Verifiable Voting Systems

The Web Bulletin Board (WBB) is a key component of verifiable election systems. It is used in the context of election verification to publish evidence of voting and tallying that voters and officials can check, and where challenges can be launched in the event of malfeasance. In practice, the election authority has responsibility for implementing the web bulletin board correctly and reliably, and will wish to ensure that it behaves correctly even in the presence of failures and attacks. To ensure robustness, an implementation will typically use a number of peers to be able to provide a correct service even when some peers go down or behave dishonestly. In this paper we propose a new protocol to implement such a Web Bulletin Board, motivated by the needs of the vVote verifiable voting system. Using a distributed algorithm increases the complexity of the protocol and requires careful reasoning in order to establish correctness. Here we use the Event-B modelling and refinement approach to establish correctness of the peered design against an idealised specification of the bulletin board behaviour. In particular we show that for n peers, a threshold of t > 2n/3 peers behaving correctly is sufficient to ensure correct behaviour of the bulletin board distributed design. The algorithm also behaves correctly even if honest or dishonest peers temporarily drop out of the protocol and then return. The verification approach also establishes that the protocols used within the bulletin board do not interfere with each other. This is the first time a peered web bulletin board suite of protocols has been formally verified.Comment: 49 page

Evaluation of Sheffield City Council's Community Justice Panels Project

This report is the output of an evaluation commissioned by Sheffield City Council and undertaken by the Hallam Centre for Community Justice at Sheffield Hallam University. The evaluation was undertaken during October and November 2009 with the objectives of assessing the effectiveness of the Community Justice Panels project so far and providing recommendations for future development. The evaluation used an action research methodology and included documentary analysis, semi-structured interviews with strategic partners and stakeholders, wrongdoers and harmed persons, facilitator focus group and observation of the Panels

Effective Caching for the Secure Content Distribution in Information-Centric Networking

The secure distribution of protected content requires consumer authentication and involves the conventional method of end-to-end encryption. However, in information-centric networking (ICN) the end-to-end encryption makes the content caching ineffective since encrypted content stored in a cache is useless for any consumer except those who know the encryption key. For effective caching of encrypted content in ICN, we propose a novel scheme, called the Secure Distribution of Protected Content (SDPC). SDPC ensures that only authenticated consumers can access the content. The SDPC is a lightweight authentication and key distribution protocol; it allows consumer nodes to verify the originality of the published article by using a symmetric key encryption. The security of the SDPC was proved with BAN logic and Scyther tool verification.Comment: 7 pages, 9 figures, 2018 IEEE 87th Vehicular Technology Conference (VTC Spring

CRFM Consultancy Report on Review of Existing Policy, Legal and Institutional Arrangements for Governance and Management of Flyingfish Fisheries in the Caribbean Large Marine Ecosystem

Many of the marine resources in the Caribbean are considered to be fully or overexploited. A Transboundary Diagnostic Analysis identified three priority transboundary problems that affect the CLME: unsustainable exploitation of fish and other living resources, the degradation and modification of natural habitats, pollution and contamination. The fourwing flyingfish fishery is the single most important small pelagic fishery in the southern Lesser Antilles. It is a shared resource, which has been traditionally exploited by seven different States, i.e. Barbados, Dominica, Grenada, Martinique, Saint Lucia, Saint Vincent and the Grenadines and Trinidad and Tobago. With expanding fleet capacity and limited cooperation among the States exploiting the flyingfish, there is concern that the resource may become overfished. While the flyingfish fishery is a directed fishery, it is at the same time part of a multi-species, multi-gear fishery, which also targets regional large pelagic species.This case study identifies and analyses the priority transboundary problems and issues. The policy, legal and institutional reforms needed to address such transboundary issues and achieve long-term conservation and sustainable use of the resources are also identified. A major and necessary component of the case study is an evaluation of the existing policy cycles and linkages among the countries and institutions involved with the flyingfish fishery