Authenticated Key Distribution: When the Coupon Collector is Your Enemy

We introduce new authenticated key exchange protocols which on the one hand do not resort to standard public key setups with corresponding assumptions of computationally hard problems, but on the other hand, are more efficient than distributing symmetric keys among the participants. To this end, we rely on a trusted central authority distributing key material whose size is independent of the total number of users, and which allows the users to obtain shared secret keys. We analyze the security of our construction, taking into account various attack models. Importantly, only symmetric primitives are needed in the protocol making it an alternative to quantum-safe key exchange protocols which rely on hardness assumptions

SMAPs: Short Message Authentication Protocols

There is a long history of authentication protocols designed for ease of human use, which rely on users copying a short string of digits. Historical examples include telex test keys and early nuclear firing codes; familiar modern examples include prepayment meter codes and the 3-digit card verification values used in online shopping. In this paper, we show how security protocols that are designed for human readability and interaction can fail to provide adequate protection against simple attacks. To illustrate the problem, we discuss an offline payment protocol and explain various problems. We work through multiple iterations, or 'evolutions', of the protocol in order to get better tradeoffs between security and usability. We discuss the limitation of verifying such protocols using BAN logic. Our aim is to develop usable human-friendly protocols that can be used in constrained offline environments. We conclude that protocol designers need to be good curators of security state, and also pay attention to the interaction between online and offline functions. In fact, we suggest that delay-tolerant networking might be a future direction of evolution for protocol research

Formal Verification of Security Protocol Implementations: A Survey

Automated formal verification of security protocols has been mostly focused on analyzing high-level abstract models which, however, are significantly different from real protocol implementations written in programming languages. Recently, some researchers have started investigating techniques that bring automated formal proofs closer to real implementations. This paper surveys these attempts, focusing on approaches that target the application code that implements protocol logic, rather than the libraries that implement cryptography. According to these approaches, libraries are assumed to correctly implement some models. The aim is to derive formal proofs that, under this assumption, give assurance about the application code that implements the protocol logic. The two main approaches of model extraction and code generation are presented, along with the main techniques adopted for each approac

Patient and health service delay in pulmonary tuberculosis patients attending a referral hospital: a cross-sectional study

BACKGROUND: Delays in diagnosis and initiation of effective treatment increase morbidity and mortality from tuberculosis as well as the risk of transmission in the community. The aim of this study was to determine the time taken for patients later confirmed as having TB to present with symptoms to the first health provider (patient delay) and the time taken between the first health care visit and initiation of tuberculosis treatment (health service delay). Factors relating to these 'delays' were analyzed. METHODS: A cross-sectional survey, of 231 newly diagnosed smear-positive tuberculosis patients was conducted in Mulago National referral Hospital Kampala, from January to May 2002. Socio-demographic, lifestyle and health seeking factors were evaluated for their association with patient delay (>2 weeks) and health service delay (>4 weeks), using odds ratios with 95% confidence intervals (CI) including multivariate logistic regression. RESULTS: The median total delay to treatment initiation was 12 weeks. Patients often presented to drug shops or pharmacies (39.4%) and private clinics (36.8%) more commonly than government health units (14%) as initial contacts. Several independent predictors of 'patient delay' were identified: being hospitalized (odds ratio [0R] = 0.32; 95% CI: 0.12–0.80), daily alcohol consumption (OR = 3.7; CI: 1.57–9.76), subsistence farming (OR = 4.70; CI: 1.67–13.22), and perception of smoking as a cause of TB (OR = 5.54; CI: 2.26–13.58). Independent predictors of 'health service delay' were: >2 health seeking encounters per month (OR = 2.74; CI: 1.10–6.83), and medical expenditure on TB related symptoms >29 US dollars (OR = 3.88; CI: 1.19–12.62). Perceived TB stigma and education status was not associated with either form of delay. CONCLUSION: Delay in diagnosis of TB is prolonged at the referral centre with a significant proportion of Health service delay. More specific and effective health education of the general public on tuberculosis and seeking of appropriate medical consultation is likely to improve case detection. Certain specific groups require further attention. Alcoholics and subsistence farmers should be targeted to improve accessibility to TB treatment. Continuing medical education about TB management procedures for health providers and improvement in the capacity of TB control services should be undertaken

A Multiset Rewriting Model for Specifying and Verifying Timing Aspects of Security Protocols

Catherine Meadows has played an important role in the advancement of formal methods for protocol security verification. Her insights on the use of, for example, narrowing and rewriting logic has made possible the automated discovery of new attacks and the shaping of new protocols. Meadows has also investigated other security aspects, such as, distance-bounding protocols and denial of service attacks. We have been greatly inspired by her work. This paper describes the use of Multiset Rewriting for the specification and verification of timing aspects of protocols, such as network delays, timeouts, timed intruder models and distance-bounding properties. We detail these timed features with a number of examples and describe decidable fragments of related verification problems

Delayed consultation among pulmonary tuberculosis patients: a cross sectional study of 10 DOTS districts of Ethiopia

<p>Abstract</p> <p>Background</p> <p>Delays seeking care increase transmission of pulmonary tuberculosis and hence the burden of tuberculosis, which remains high in developing countries. This study investigates patterns of health seeking behavior and determines risk factors for delayed patient consultation at public health facilities in 10 districts of Ethiopia.</p> <p>Methods</p> <p>New pulmonary TB patients ≥ 15 years old were recruited at 18 diagnostic centres. Patients were asked about their health care seeking behaviour and the time from onset of symptoms to first consultation at a public health facility. First consultation at a public health facility 30 days or longer after onset of symptoms was regarded as prolonged patient delay.</p> <p>Results</p> <p>Interviews were held with 924 pulmonary patients. Of these, 537 (58%) were smear positive and 387 (42%) were smear negative; 413 (45%) were female; 451 (49%) were rural residents; and the median age was 34 years. Prior to their first consultation at a public health facility, patients received treatment from a variety of informal sources: the Orthodox Church, where they were treated with holy water (24%); private practitioners (13%); rural drug vendors (7%); and traditional healers (3%). The overall median patient delay was 30 days (mean = 60 days). Fifty three percent [95% Confidence Intervals (CI) (50%, 56%)] of patients had delayed their first consultation for ≥ 30 days. Patient delay for women was 54%; 95% CI (54%, 58%) and men 51%; 95% CI (47%, 55%). The delay was higher for patients who used informal treatment (median 31 days) than those who did not (15 days). Prolonged patient delay (≥ 30 days) was significantly associated with both patient-related and treatment-related factors. Significant patient-related factors were smear positive pulmonary disease [Adjusted Odds Ratio (AOR) 1.4; 95% CI (1.1 to 1.9)], rural residence [AOR 1.4; 95% CI (1.1 to 1.9)], illiteracy [AOR 1.7; 95% CI (1.2 to 2.4)], and lack of awareness/misperceptions of causes of pulmonary TB. Significant informal treatment-related factors were prior treatment with holy water [AOR 3.5; 95% CI (2.4 to 5)], treatment by private practitioners [AOR 1.7; 95% CI (1.1 to 2.6)] and treatment by drug vendors [AOR 1.9; 95% CI (1.1 to 3.5)].</p> <p>Conclusion</p> <p>Nearly half of pulmonary tuberculosis patients delayed seeking health care at a public health facility while getting treatment from informal sources. The involvement of religious institutions and private practitioners in early referral of patients with pulmonary symptoms and creating public awareness about tuberculosis could help reduce delays in starting modern treatment.</p