18 research outputs found
A Framework for Secure Group Key Management
The need for secure group communication is increasingly evident in a wide variety of governmental, commercial, and Internet communities. Secure group key management is concerned with the methods of issuing and distributing group keys, and the management of those keys over a period of time. To provide perfect secrecy, a central group key manager (GKM) has to perform group rekeying for every join or leave request. Fast rekeying is crucial to an application\u27s performance that has large group size, experiences frequent joins and leaves, or where the GKM is hosted by a group member. Examples of such applications are interactive military simulation, secure video and audio broadcasting, and secure peer-to-peer networks. Traditionally, the rekeying is performed periodically for the batch of requests accumulated during an inter-rekey period. The use of a logical key hierarchy (LKH) by a GKM has been introduced to provide scalable rekeying. If the GKM maintains a LKH of degree d and height h, such that the group size n †dh, and the batch size is R requests, a rekeying requires the GKM to regenerate O(R à h) keys and to perform O(d à R à h) keys encryptions for the new keys distribution. The LKH approach provided a GKM rekeying cost that scales to the logarithm of the group size, however, the number of encryptions increases with increased LKH degree, LKH height, or the batch size. In this dissertation, we introduce a framework for scalable and efficient secure group key management that outperforms the original LKH approach. The framework has six components as follows. First, we present a software model for providing secure group key management that is independent of the application, the security mechanism, and the communication protocol. Second, we focus on a LKH-based GKM and introduce a secure key distribution technique, in which a rekeying requires the GKM to regenerate O( R à h) keys. Instead of encryption, we propose a novel XOR-based key distribution technique, namely XORBP, which performs an XOR operation between keys, and uses random byte patterns (BPs) to distribute the key material in the rekey message to guard against insider attacks. Our experiments show that the XORBP LKH approach substantially reduces a rekeying computation effort by more than 90%. Third, we propose two novel LKH batch rekeying protocols . The first protocol maintains a balanced LKH (B+-LKH) while the other maintains an unbalanced LKH (S-LKH). If a group experiences frequent leaves, keys are deleted form the LKH and maintaining a balanced LKH becomes crucial to the rekeying\u27s process performance. In our experiments, the use of a B+-LKH by a GKM, compared to a S-LKH, is shown to substantially reduce the number of LKH nodes (i.e., storage), and the number of regenerated keys per a rekeying by more than 50%. Moreover, the B +-LKH performance is shown to be bounded with increased group dynamics. Fourth, we introduce a generalized rekey policy that can be used to provide periodic rekeying as well as other versatile rekeying conditions. Fifth, to support distributed group key management, we identify four distributed group-rekeying protocols between a set of peer rekey agents. Finally, we discuss a group member and a GKM\u27s recovery after a short failure time
Key Management Systems for Smart Grid Advanced Metering Infrastructure: A Survey
Smart Grids are evolving as the next generation power systems that involve
changes in the traditional ways of generation, transmission and distribution of
power. Advanced Metering Infrastructure (AMI) is one of the key components in
smart grids. An AMI comprises of systems and networks, that collects and
analyzes data received from smart meters. In addition, AMI also provides
intelligent management of various power-related applications and services based
on the data collected from smart meters. Thus, AMI plays a significant role in
the smooth functioning of smart grids.
AMI is a privileged target for security attacks as it is made up of systems
that are highly vulnerable to such attacks. Providing security to AMI is
necessary as adversaries can cause potential damage against infrastructures and
privacy in smart grid. One of the most effective and challenging topic's
identified, is the Key Management System (KMS), for sustaining the security
concerns in AMI. Therefore, KMS seeks to be a promising research area for
future development of AMI. This survey work highlights the key security issues
of advanced metering infrastructures and focuses on how key management
techniques can be utilized for safeguarding AMI. First of all, we explore the
main features of advanced metering infrastructures and identify the
relationship between smart grid and AMI. Then, we introduce the security issues
and challenges of AMI. We also provide a classification of the existing works
in literature that deal with secure key management system in AMI. Finally, we
identify possible future research directions of KMS in AMI
A practical key management and distribution system for IPTV conditional access
Conditional Access (CA) is widely used by pay-television operators to restrict access to content to authorised subscribers. Commercial CA solutions are available for structured broadcast and Internet Protocol Television (IPTV) environments, as well as Internet-based video-on-demand services, however these solutions are mostly proprietary, often inefficient for use on IP networks, and frequently depend on smartcards for maintaining security. An efficient, exible, and open conditional access system that can be implemented practically by operators with large numbers of subscribers would be beneficial to those operators and Set-Top-Box manufacturers in terms of cost savings for royalties and production costs. Furthermore, organisations such as the South African Broadcasting Corporation that are transitioning to Digital-Terrestrial-Television could use an open Conditional Access System (CAS) to restrict content to viewing within national borders and to ensure that only valid TV licence holders are able to access content. To this end, a system was developed that draws from the area of group key management. Users are grouped according to their subscription selections and these groups are authorised for each selection's constituent services. Group keys are updated with a key-tree based approach that includes a novel method for growing full trees that outperforms the standard method. The relations that are created between key trees are used to establish a hierarchy of keys which allows exible selection of services whilst maintaining their cryptographic protection. Conditions for security without dependence on smartcards are defined, and the system is expandable to multi-home viewing scenarios. A prototype implementation was used to assess the proposed system. Total memory consumption of the key-server, bandwidth usage for transmission of key updates, and client processing and storage of keys were all demonstrated to be highly scalable with number of subscribers and number of services
Sécurité dans les réseaux mobiles de nouvelle génération
RĂSUMĂ
Les rĂ©seaux de nouvelle gĂ©nĂ©ration visent Ă converger les rĂ©seaux fixes et mobiles hĂ©tĂ©rogĂšnes afin dâoffrir tous les services Ă travers un rĂ©seau coeur tout IP. Faisant parti du
rĂ©seau dâaccĂšs mobile, un des principaux objectifs du rĂ©seau 4G est de permettre une relĂšve ininterrompue entre les rĂ©seaux cellulaires et WIFI pour ainsi favoriser lâapprivoisement de services vidĂ©o mobiles exigeant des critĂšres de qualitĂ© de service trĂšs stricts Ă moindres coĂ»ts.
Cependant, lâuniformisation du trafic au niveau de la couche rĂ©seau favorise sa centralisation Ă travers un rĂ©seau coeur IP partagĂ© par tous les opĂ©rateurs, la rendant ainsi comme une cible vulnĂ©rable de choix pour les pirates informatiques. La conception de solutions sĂ©curitaires
dans un environnement oĂč les entitĂ©s ne se connaissent pas Ă priori sâannonce comme une tĂąche trĂšs ardue. La thĂšse se penche sur quatre problĂ©matiques importantes dans les rĂ©seaux de nouvelle gĂ©nĂ©ration dont chacune est traitĂ©e dans un article distinct. Les deux premiers articles touchent Ă la sĂ©curitĂ© dans un contexte dĂ©centralisĂ©, Ă savoir les rĂ©seaux mobiles ad hoc (MANETs), alors que les deux derniers proposent des mĂ©canismes innovateurs pour sĂ©curiser des solutions visant Ă rĂ©duire la consommation de bande passante et dâĂ©nergie, en conformitĂ© avec le virage
vert informatique promu par les opĂ©rateurs rĂ©seautiques. Plus prĂ©cisĂ©ment, le troisiĂšme article traite de la sĂ©curisation des flots multicast dans un environnement Ă haut taux de perte de paquet et le dernier propose une solution dâoptimisation de route sĂ©curitaire pour mobile
IPv6 (MIPv6) utilisant une version amĂ©liorĂ©e de lâalgorithme de genĂ©ration dâadresses cryptographiques
(CGA) et les extensions de sécurité du systÚme de nom de domaine (DNSSEC).
Les systĂšmes de dĂ©tection dâintrusion (IDS) pour les MANETs basĂ©s sur la rĂ©putation des noeuds classifient les participants du rĂ©seau selon leur degrĂ© de confiance. Cependant, ils partagent tous une vulnĂ©rabilitĂ© commune : lâimpossibilitĂ© de dĂ©tecter et de rĂ©agir aux attaques complices. Le premier article propose un IDS qui intĂšgre efficacement le risque de collusion entre deux ou plusieurs noeuds malveillants dans le calcul de la fiabilitĂ© dâun
chemin. Lâalgorithme proposÂŽe ne se limite pas quâau nombre et Ă la rĂ©putation des noeuds intermĂ©diaires formant un chemin, mais intĂšgre Ă©galement dâautres informations pertinentes sur les voisins des noeuds intermĂ©diaires dâun chemin pouvant superviser le message original et celui retransmis. Le IDS proposĂ© dĂ©tecte efficacement les noeuds malicieux et complices dans le but de les isoler rapidement du rĂ©seau. Les simulations lancĂ©es dans divers environnements MANETs contenant une proportion variable dâattaquants complices montrent bien lâefficacitĂ© du IDS proposĂ©e en offrant un gain en dĂ©bit considĂ©rable comparativement aux solutions existantes.
Ă lâinstar de prĂ©venir les comportements Ă©goĂŻstes des noeuds par la menace dâĂȘtre privĂ©s de certaines fonctions, voire mĂȘme isolĂ©s du rĂ©seau, due Ă une baisse de rĂ©putation, le second article opte pour un incitatif non-punitif en la monnaie virtuelle plus communĂ©ment appelĂ©e
nuglets. Plus prĂ©cisĂ©ment, lâarticle prĂ©sente un cadre de travail issu de la thĂ©orie des jeux basĂ© sur la compĂ©tition de Bertrand pour inciter les noeuds intermĂ©diaires Ă retransmettre les messages selon les requis de QoS demandĂ©s par la source. Pour quâun noeud source envoie ou accĂšde Ă un flot sensible Ă la QoS comme par exemple les applications en temps rĂ©el, il dĂ©bute par envoyer un contrat qui spĂ©cifie les critĂšres de QoS, sa durĂ©e et son prix de rĂ©serve. Sur rĂ©ception du contrat, les noeuds intermĂ©diaires formant une route entre la source et la destination partagent les informations sur eux-mĂȘmes et celles recueillies sur les noeuds voisins, anciens et courants pour estimer la probabilitĂ© de bris de contrat ainsi que le nombre de compĂ©titeurs actifs. Ces deux paramĂštres sont cruciaux dans le processus de fixation des
prix. Une fois les rĂ©ponses de route recueillies, la source choisit la route la moins chĂšre. Le cadre de travail multijoueur proposĂ©, basĂ© sur la compĂ©tition de Bertrand avec des firmes asymĂ©triques et ayant accĂšs Ă de lâinformation imparfaite, possĂšde un Ă©quilibre de Nash en
stratĂ©gies mixtes dans lequel le profit des firmes est positif et baisse non seulement avec le nombre de compĂ©titeurs, mais aussi avec lâimpression dâune prĂ©cision accrue que les compĂ©titeurs ont sur le coĂ»t de production du joueur. Les rĂ©sultats montrent que lâincertitude sur
les coĂ»ts augmente le taux de la marge brute et la fluctuation des prix tout en diminuant les chances dâhonorer le contrat.
Dans un autre ordre dâidĂ©e, lâintĂ©rĂȘt sans cesse grandissant des opĂ©rateurs Ă converger les rĂ©seaux fixes et mobiles dans le but dâoffrir une relĂšve sans interruption favorise lâutilisation des applications vidĂ©o mobiles qui surchargeront rapidement leurs rĂ©seaux. Dans un contexte
du virage vert qui prend de plus en plus dâampleur dans le domaine des tĂ©lĂ©communications, la transmission des flots en multidiffusion (multicast) devient essentiel dans le but de rĂ©duire la consommation de bande passante et la congestion du rĂ©seau en rejoignant simultanĂ©ment plusieurs destinataires. La sĂ©curisation des flots en multidiffusion a Ă©tĂ© largement Ă©tudiĂ©e dans la littĂ©rature antĂ©rieure, cependant aucune des solutions proposĂ©es ne tient compte des
contraintes imposĂ©es par les liaisons sans fil et la mobilitĂ© des noeuds, en particulier le haut taux de perte de paquets. La nĂ©cessitĂ© dâun mĂ©canisme de distribution de clĂ©s rĂ©gĂ©nĂ©ratrices efficace et pouvant supporter un grand bassin dâabonnĂ©s pour les rĂ©seaux mobiles nâaura jamais Ă©tĂ© aussi urgent avec lâarrivĂ©e de la convergence fixe-mobile dans les rĂ©seaux 4G.
Le troisiÚme article présente deux algorithmes de clés régénératrices basés sur les chaßnes de hachage bidirectionnelles pour le protocole de distribution de clés logical key hierarchy (LKH).
Ainsi, un membre ayant perdu jusquâĂ un certain nombre de clĂ©s de dĂ©chiffrement consĂ©cutives pourrait lui-mĂȘme les rĂ©gĂ©nĂ©rer sans faire la requĂȘte de retransmission au serveur de clĂ©s.
Les simulations effectuĂ©es montrent que les algorithmes proposĂ©s offrent des amĂ©liorations considĂ©rables dans un environnement de rĂ©seau mobile Ă taux de perte de paquet, notamment dans le percentage de messages dĂ©chiffrĂ©s. Le souci dâefficacitĂ© Ă©nergĂ©tique est Ă©galement prĂ©sent pour les opĂ©rateurs de rĂ©seaux cellulaires. Dâailleurs, prĂšs de la moitiĂ© des abonnements sur Internet proviennent prĂ©sentement dâunitĂ©s mobiles et il est attendu que ce groupe dâutilisateurs deviennent le plus grand bassin
dâusagers sur Internet dans la prochaine dĂ©cennie. Pour supporter cette croissance rapide du nombre dâutilisateurs mobiles, le choix le plus naturel pour les opĂ©rateurs serait de remplacer mobile IPv4 par MIPv6. Or, la fonction dâoptimisation de route (RO), qui remplace le routage
triangulaire inefficace de MIP en permettant au noeud mobile (MN) une communication bidirectionnelle avec le noeud correspondant (CN) sans faire passer les messages Ă travers lâagent du rĂ©seau mĂšre (HA), est dĂ©ficiente au niveau de la sĂ©curitĂ©. Lâabsence dâinformations prĂ©-partagĂ©es entre le MN et le CN rend la sĂ©curisation du RO un dĂ©fi de taille. MIPv6 adopte la routabilitĂ© de retour (RR) qui est davantage un mĂ©canisme qui vĂ©rifie lâaccessibilitĂ© du MN sur son adresse du rĂ©seau mĂšre (HoA) et du rĂ©seau visitĂ© (CoA) plutĂŽt quâune fonction de
sĂ©curitĂ©. Dâautres travaux se sont attaquĂ©s aux nombreuses failles de sĂ©curitĂ© du RR, mais soit leur conception est fautive, soit leurs suppositions sont irrĂ©alistes. Le quatriĂšme article prĂ©sente une version amĂ©liorĂ©e de lâalgorithme de gĂ©nĂ©ration cryptographique dâadresse (ECGA)
pour MIPv6 qui intĂšgre une chaĂźne de hachage arriĂšre et offre de lier plusieurs adresses CGA ensemble. ECGA Ă©limine les attaques de compromis temps-mĂ©moire tout en Ă©tant efficace. Ce mĂ©canisme de gĂ©nĂ©ration dâadresse fait parti du protocole Secure MIPv6 (SMIPv6) proposĂ© avec un RO sĂ©curitaire et efficace grĂące Ă DNSSEC pour valider les CGAs qui proviennent dâun domaine de confiance et qui permet une authentification forte plutĂŽt que lâinvariance de
source. Le vĂ©rificateur de protocoles cryptographiques dans le modĂšle formel AVISPA a Ă©tĂ© utilisĂ© pour montrer quâaucune faille de sĂ©curitĂ© nâest prĂ©sente tout en limitant au maximum les messages Ă©changĂ©s dans le rĂ©seau dâaccĂšs. ----------ABSTRACT
Next generation networks aim at offering all available services through an IP-core network by converging fixed-mobile heterogeneous networks. As part of the mobile access network, one of the main objectives of the 4G network is to provide seamless roaming with wireless local area networks and accommodating quality of service (QoS) specifications for digital video broadcasting systems. Such innovation aims expanding video-based digital services while reducing costs by normalizing the network layer through an all-IP architecture such as Internet. However, centralizing all traffic makes the shared core network a vulnerable target
for attackers. Design security solutions in such an environment where entities a priori do not know each other represent a daunting task.
This thesis tackles four important security issues in next generation networks each in distinct papers. The first two deal with security in decentralized mobile ad hoc networks
(MANETs) while the last two focus on securing solutions aiming at reducing bandwidth and energy consumption, in line with the green shift promoted by network operators. More precisely, the third paper is about protecting multicast flows in a packet-loss environment and the last one proposes a secure route optimization function in mobile IPv6 (MIPv6) using an enhanced version of cryptographically generated address (CGA) and domain name service security extensions (DNSSEC).
Most intrusion detection systems (IDS) for MANETs are based on reputation system which classifies nodes according to their degree of trust. However, existing IDS all share the
same major weakness: the failure to detect and react on colluding attacks. The first paper proposes an IDS that integrates the colluding risk factor into the computation of the path reliability which considers the number and the reputation of nodes that can compare both the source message and the retransmitted one. Also, the extended architecture effectively detects malicious and colluding nodes in order to isolate them and protect the network. The
simulations launched in various MANETs containing various proportions of malicious and colluding nodes show that the proposed solution offers a considerable throughput gain compared to current solutions. By effectively selecting the most reliable route and by promptly detecting colluding attacks, the number of lost messages is decreased, and therefore, offering more efficient transmissions.
Instead of thwarting selfishness in MANETs by threatening nodes to limit their network functions, the second paper opts for a non-punishment incentive by compensating nodes for their service through the use of virtual money, more commonly known as nuglets. The last paper presents a game-theoretic framework based on Bertrand competition to incite relaying nodes in forwarding messages according to QoS requirements. For a source to send or access
QoS-sensitive flows, such as real-time applications, it starts by sending a contract specifying the QoS requirements, its duration and a reservation price. Upon receiving a contract submission, intermediary nodes forming a route between the source and the destination share their current and past collected information on themselves and on surrounding nodes to estimate the probability of breaching the contract and the number of active competitors. Both
parameters are crucial in setting a price. Once the source gets the responses from various routes, it selects the most cheapest one. This multiplayer winner-takes-all framework based on Bertrand competition with firms having asymmetric costs and access imperfect information has a mixed-strategy equilibrium in which industry profits are positive and decline not only with the number of firms having an estimated cost below the reservation price but also with the perception of a greater accuracy on a playerâs cost that competitors have. In fact,results show that cost uncertainty increases firmsâ gross margin rate and the prices fluctuation while making the contract honoring much riskier.
On another topic, with the growing interest in converging fixed and mobile networks, mobile applications will require more and more resources from both the network and the
mobile device. In a social-motivated context of shifting into green technologies, using multicast transmissions is essential because it lowers bandwidth consumption by simultaneously reaching a group of multiple recipients. Securing multicast flows has been extensively studied
in the past, but none of the existing solutions were meant to handle the constraints imposed by mobile scenarios, in particular the high packet-loss rate. The need for a low overhead selfhealing rekeying mechanism that is scalable, reliable and suitable for mobile environments has never been more urgent than with the arrival of fixed-mobile convergence in 4G networks.
The second paper presents two self-healing recovery schemes based on the dual directional hash chains for the logical key hierarchy rekeying protocol. This enables a member that has missed up to m consecutive key updates to recover the missing decryption keys without asking the group controller key server for retransmission. Conducted simulations show considerable improvements in the ratio of decrypted messages and in the rekey message overhead in high packet loss environments. The concern of energy efficiency is also present for mobile access network operators. In fact, nearly half of all Internet subscribers come from mobile units at the moment and it is expected to be the largest pool of Internet users by the next decade. The most obvious
choice for mobile operators to support more users would be to replace Mobile IP for IPv4 with MIPv6. However, the Route Optimization (RO) function, which replaces the inefficient triangle routing by allowing a bidirectional communication between a mobile node (MN) and the corresponding node (CN) without passing through its home agent (HA), is not secure and has a high overhead. The lack of pre-shared information between the MN and the CN makes
security in RO a difficult challenge. MIPv6 adopts the return routability (RR) mechanism which is more to verify the MN reachability in both its home address (HoA) and care-of address (CoA) than a security feature. Other works attempted to solve the multiple security issues in RR but either their design are flawed, or rely on unrealistic assumptions. The third paper presents an enhanced cryptographically generated address (ECGA) for MIPv6 that
integrates a built-in backward key chain and offers support to bind multiple logically-linked CGAs together. ECGA tackles the time-memory tradeoff attacks while being very efficient. It is part of the proposed secure MIPv6 (SMIPv6) with secure and efficient RO which uses DNSSEC to validate CGAs from trusted domains and provide strong authentication rather than sender invariance. The AVISPA on-the-fly model checker (OFMC) tool has been used to show that the proposed solution has no security flaws while still being lightweight in signalling messages in the radio network
Security in Distributed, Grid, Mobile, and Pervasive Computing
This book addresses the increasing demand to guarantee privacy, integrity, and availability of resources in networks and distributed systems. It first reviews security issues and challenges in content distribution networks, describes key agreement protocols based on the Diffie-Hellman key exchange and key management protocols for complex distributed systems like the Internet, and discusses securing design patterns for distributed systems. The next section focuses on security in mobile computing and wireless networks. After a section on grid computing security, the book presents an overview of security solutions for pervasive healthcare systems and surveys wireless sensor network security
Sixth International Joint Conference on Electronic Voting E-Vote-ID 2021. 5-8 October 2021
This volume contains papers presented at E-Vote-ID 2021, the Sixth International Joint Conference on Electronic Voting, held during October 5-8, 2021. Due to the extraordinary situation provoked by Covid-19 Pandemic, the conference is held online for second consecutive edition, instead of in the traditional venue in Bregenz, Austria. E-Vote-ID Conference resulted from the merging of EVOTE and Vote-ID and counting up to 17 years since the _rst E-Vote conference in Austria. Since that conference in 2004, over 1000 experts have attended the venue, including scholars, practitioners, authorities, electoral managers, vendors, and PhD Students. The conference collected the most relevant debates on the development of Electronic Voting, from aspects relating to security and usability through to practical experiences and applications of voting systems, also including legal, social or political aspects, amongst others; turning out to be an important global referent in relation to this issue.
Also, this year, the conference consisted of:
· Security, Usability and Technical Issues Track
· Administrative, Legal, Political and Social Issues Track
· Election and Practical Experiences Track
· PhD Colloquium, Poster and Demo Session on the day before the conference
E-VOTE-ID 2021 received 49 submissions, being, each of them, reviewed by 3 to 5 program committee members, using a double blind review process. As a result, 27 papers were accepted for its presentation in the conference. The selected papers cover a wide range of topics connected with electronic voting, including experiences and revisions of the real uses of E-voting systems and corresponding processes in elections.
We would also like to thank the German Informatics Society (Gesellschaft fĂŒr Informatik) with its ECOM working group and KASTEL for their partnership over many years. Further we would like to thank the Swiss Federal Chancellery and the Regional Government of Vorarlberg for their kind support. EVote-
ID 2021 conference is kindly supported through European Union's Horizon 2020 projects ECEPS (grant agreement 857622) and mGov4EU (grant agreement 959072). Special thanks go to the members of the international program committee for their hard work in reviewing, discussing, and shepherding papers. They ensured the high quality of these proceedings with their knowledge and experience
Electronic Voting: 6th International Joint Conference, E-Vote-ID 2021, Virtual Event, October 5â8, 2021: proceedings
This volume contains the papers presented at E-Vote-ID 2021, the Sixth International
Joint Conference on Electronic Voting, held during October 5â8, 2021. Due to the
extraordinary situation brought about by the COVID-19, the conference was held
online for the second consecutive edition, instead of in the traditional venue in
Bregenz, Austria. The E-Vote-ID conference is the result of the merger of the EVOTE
and Vote-ID conferences, with first EVOTE conference taking place 17 years ago in
Austria. Since that conference in 2004, over 1000 experts have attended the venue,
including scholars, practitioners, authorities, electoral managers, vendors, and PhD
students. The conference focuses on the most relevant debates on the development of
electronic voting, from aspects relating to security and usability through to practical
experiences and applications of voting systems, also including legal, social, or political
aspects, amongst others, and has turned out to be an important global referent in
relation to this issue
Examining organisational flexibility in an interorganisational context: A case study of a grocery retail supply chain.
The objective of this thesis is to clarify the complex notion of flexibility and to explore the impact of Interorganisational Information Systems (IOS) on the flexibility of organisations. Previous studies have shown that while the utilisation of IOS can contribute significantly to organisational flexibility, it does not provide equal benefits to all trading partners. Although flexibility is increasingly becoming more important for the survivability and competitiveness of organisations, its meaning is still ambiguous and a rigorous conceptualisation of the notion is lacking in the literature. Most researchers examining the impact of technology on organisational flexibility identify technological as well as organisational issues influencing flexibility, but fail to analyse flexibility as a dynamic concept embedded in the social context. Moreover, they mainly focus on the flexibility of the individual firm, paying less attention to flexibility as a property of the interaction between firms. This research proposes an interpretive approach and examines the notion of flexibility by including a thorough investigation of the organisational context within which it is embedded. Since IOS involve interaction between different organisations, issues of cooperation and relationships with trading partners are also considered. Therefore, the concept of flexibility is viewed from both an organisational and an interorganisational (business network) level, referring to the interaction of trading partners. A synthesized research framework, based on previous research and the theoretical perspectives of appreciative systems thinking and web models, enables us to perceive flexibility as a multidimensional and dynamic concept, embedded in and shaped by the organisational/interorganisational context. In the proposed framework, flexibility is presented not only as the ability of the organisation/business network to respond to environmental disturbances, but also as its capability to evolve and to change over time. A multiple case design in a grocery retail-supply chain in Greece, comprising three suppliers and four retailers, provides the empirical data to support the argument of this thesis. The analysis of the data relates differences in organisational contexts to variations in the flexibility achieved by the organisations. It shows that IOS can provide constraints even for the more competent organisations and illustrates how the interaction with trading partners may influence the flexibility achieved at an organisational level. It finally demonstrates the dynamic nature of flexibility, it describes the relation between its different dimensions and discusses their change and evolution, following and influencing the changes of the organisational and interorganisational contexts
'They are Exactly as Bank Notes are': Perceptions and Technologies of Bank Note Forgery During the Bank Restriction Period, 1797 - 1821
Previous studies of Bank Note forgery in England during the Bank Restriction Period have adopted a highly institutional focus. Thus, much is known about the role played by both the Bank of England and the workings of the criminal justice system in combating both forgers and forged note utterers. The question of how the new system of small denomination Bank Notes impacted upon the day to day lives and understandings of the people that used them has received far less attention. The actual means by which Bank Notes were themselves forged has also been overlooked. This has led to a somewhat two-dimensional view of these notes as material objects.
This thesis will engage with common mentalities and perceptions, seeking to write a 'new history from below' of both Bank Notes and their forgery in this period. Its primary aims will be to explore the question of why the English people were so easily imposed upon by forged Bank Notes; the various means by which forged notes could be constructed; and what an analysis of both of these points can tell us about economic and social understandings of non-elite people at this time. It will be argued that by studying instances in which small denomination Bank Notes were routinely exchanged, we can highlight a significant dichotomy of understanding in a society that was starting to engage with a new culture of promise based fiduciary paper money, yet was still deeply rooted in early-modern notions of paper instruments as objects of personal credit and debt.
The thesis will show that heavy exposure to Bank Notes at this time clearly equipped some contemporaries with their own personalised sets of aesthetic and material "standards", against which the "goodness" of any monetary instrument with which they were presented would be compared. Others continued to examine the material aspect of Bank Notes via a direct comparison or consultation with others. Neither approach was always successful and indeed whatever method was adopted, the common occurrence of the materials and technologies required to construct a credible imitation of a Bank Note meant that it was not just illiterate persons that were susceptible to being deceived. Even a reading of the Bank Note's literate text failed to provide sufficient defence against the activities of the forger