Showing papers by "Chris J. Mitchell" published in 2020


Journal Article
TL;DR: By exploiting backwards-compatibility features of the 5G security system design, this paper is able to propose a novel multi-phase approach to upgrading security that allows for a simple and smooth migration to a post-quantum-secure system.

20 citations


Journal Article
TL;DR: Three experiments were conducted to investigate a possible role for certainty in human causal learning, and participants appeared to attribute outcomes to cues with a comparatively uncertain causal status, in an apparent violation of prediction error.
Abstract: Three experiments were conducted to investigate a possible role for certainty in human causal learning. In these experiments, human participants were initially trained with a set of cues, each of which was followed by the presence or absence of an outcome. In a subsequent training stage, 2 of these cues were trained in a causal compound, and the change in associative strength for each of the cues was compared, using a procedure based on Rescorla (2001). In each experiment, the cues differed in both their causal certainty (on the part of participants) and size of their prediction error (with respect to the outcome). The cue with the larger prediction error was always the cue with the more certain causal status. According to established prediction error models (Bush & Mosteller, 1951; Rescorla, 2001; Rescorla & Wagner, 1972), a larger prediction error should result in a greater updating of associative strength. However, the opposite was observed, as participants always learned more about the cue with the smaller prediction error. A plausible explanation is that participants engaged in a form of theory protection, in which they were resistant to updating their existing beliefs about cues with a certain causal status. Instead, participants appeared to attribute outcomes to cues with a comparatively uncertain causal status, in an apparent violation of prediction error. The potential role of attentional processes (Mackintosh, 1975; Pearce & Hall, 1980) in explaining these results is also discussed. (PsycInfo Database Record (c) 2020 APA, all rights reserved).

9 citations


Proceedings Article
01 Sep 2020
TL;DR: A systematic analysis of the user access privacy properties of OAuth 2.0 and OpenID Connect systems is given, and in doing so how simple it is for an identity provider to track user accesses is described.
Abstract: Currently widely used federated login (single sign-on) systems, notably those based on OAuth 2.0, offer very little privacy for the user, and as a result the identity provider (e.g. Google or Facebook) can learn a great deal about user web behaviour, in particular which sites they access. This is clearly not desirable for privacy reasons, and in particular for privacy-conscious users who wish to minimise the information about web access behaviour that they reveal to third party organisations. In this paper we give a systematic analysis of the user access privacy properties of OAuth 2.0 and OpenID Connect systems, and in doing so describe how simple it is for an identity provider to track user accesses. We also propose possible ways in which these privacy issues could to some extent be mitigated, although we conclude that to make the protocols truly privacy-respecting requires significant changes to the way in which they operate. In particular, it seems impossible to develop simple browser-based mitigations without modifying the protocol behaviour. We also briefly examine parallel research by Hammann et al., who have proposed a means of improving the privacy properties of OpenID Connect.

8 citations


Journal Article
TL;DR: A somewhat counterintuitive possible new browser identifier is proposed which could make cookies and fingerprint-based tracking redundant, alongside the first comprehensive and structured discussion of measures to limit or control browser fingerprinting.
Abstract: Browser fingerprinting is increasingly being used for online tracking of users, and, unlike the use of cookies, is almost impossible for users to control. This has a major negative impact on online privacy. Despite the availability of a range of fingerprinting countermeasures as well as some limited attempts by browser vendors to curb its effectiveness, it remains largely uncontrolled. The paper aims to discuss this issue. This paper provides the first comprehensive and structured discussion of measures to limit or control browser fingerprinting, covering both user-based and browser-based techniques. This study discusses the limitations of counter browser fingerprinting measures and the need for browser vendor support in controlling fingerprinting. Further, a somewhat counterintuitive possible new browser identifier is proposed which could make cookies and fingerprint-based tracking redundant; the need for, and possible effect of, this feature is discussed. This study provides the first comprehensive and structured discussion of measures to limit or control browser fingerprinting. Also, it proposes a new browser identifier that could make cookies and fingerprint-based tracking redundant.

7 citations


Book Chapter
14 Sep 2020
TL;DR: In this article, the authors investigated the practicality of employing post-quantum digital signatures to ensure the authenticity of an electronic travel document and created a special-purpose public key infrastructure based on these techniques, and gave performance results for both creation and verification of certificates.
Abstract: Public key cryptosystems play a crucial role in the security of widely used communication protocols and in the protection of data. However, the foreseen emergence of quantum computers will break the security of most of the asymmetric cryptographic techniques used today, including those used to verify the authenticity of electronic travel documents. The security of international borders would thus be jeopardised in a quantum scenario. To overcome the threat to current asymmetric cryptography, post-quantum cryptography aims to provide practical mechanisms which are resilient to attacks using quantum computers. In this paper, we investigate the practicality of employing post-quantum digital signatures to ensure the authenticity of an electronic travel document. We created a special-purpose public key infrastructure based on these techniques, and give performance results for both creation and verification of certificates. This is the first important step towards specifying the next generation of electronic travel documents, as well as providing a valuable test use case for post-quantum techniques.

4 citations


Posted Content
TL;DR: A recently proposed group key distribution scheme known as UMKESS, based on secret sharing, is shown to be insecure; moreover, it does not always work, and the rationale for its design is unsound.
Abstract: A recently proposed group key distribution scheme known as UMKESS, based on secret sharing, is shown to be insecure. Not only is it insecure, but it does not always work, and the rationale for its design is unsound. UMKESS is the latest in a long line of flawed group key distribution schemes based on secret sharing techniques.

3 citations


Posted Content
TL;DR: All three closely-related polynomial-based group key pre-distribution schemes, aimed specifically at wireless sensor networks, are completely insecure, and an attacker equipped with the information built into at most two sensor nodes can compute group keys for all possible groups, which breaks a fundamental design objective.
Abstract: Three closely-related polynomial-based group key pre-distribution schemes have recently been proposed, aimed specifically at wireless sensor networks. The schemes enable any subset of a predefined set of sensor nodes to establish a shared secret key without any communications overhead. It is claimed that these schemes are both secure and lightweight, i.e. making them particularly appropriate for network scenarios where nodes have limited computational and storage capabilities. Further papers have built on these schemes, e.g. to propose secure routing protocols for wireless sensor networks. Unfortunately, as we show in this paper, all three schemes are completely insecure; whilst the details of their operation vary, they share common weaknesses. In every case we show that an attacker equipped with the information built into at most two sensor nodes can compute group keys for all possible groups of which the attacked nodes are not a member, which breaks a fundamental design objective. The attacks can also be achieved by an attacker armed with the information from a single node together with a single group key to which this sensor node is not entitled. Repairing the schemes appears difficult, if not impossible. The existence of major flaws is not surprising given the complete absence of any rigorous proofs of security for the proposed schemes. A further recent paper proposes a group membership authentication and key establishment scheme based on one of the three key pre-distribution schemes analysed here; as we demonstrate, this scheme is also insecure, as the attack we describe on the corresponding pre-distribution scheme enables the authentication process to be compromised.

1 citation


Journal Article
TL;DR: This study aimed to retrospectively compare the incidence and severity of acute renal impairment in patients who underwent an autologous HSCT for multiple myeloma between January 2015 and September 2017 and investigate any adverse events associated with the administration of hyperhydration such as clinical overload and pulmonary oedema.
Abstract: To the Editor, High-dose melphalan (120–200 mg/m²) is widely used in preparative regimens for autologous and allogeneic haematopoietic stem cell transplantation (HSCT). This drug is often given with “hyperhydration” that usually means 4–6 litres (L) of 0.9% normal saline [1–3]. The practice of hyperhydration appears to be based on early studies using melphalan 200 mg/m² (MEL200) in autologous HSCT for multiple myeloma (MM) [4, 5]. These studies used only 2L hydration, however described it as hyperhydration. Subsequent studies [6, 7] used 4–6 L of hyperhydration. Hyperhydration is usually given with high-dose chemotherapy that is known to cause nephrotoxicity (e.g., cisplatin, methotrexate) or bladder toxicity (e.g., cyclophosphamide, ifosfamide). However, melphalan is not considered to be a renal or bladder toxic drug based on the limited evidence available. Pharmacokinetic studies have shown that melphalan is predominantly eliminated by spontaneous chemical hydrolysis and only 10% of the dose is excreted in the urine [1]. Given the absence of any data supporting hyperhydration and the potential morbidity and risk associated with the procedure, many institutions have opted not to use hyperhydration [8] while others continue the practice. The process of hyperhydration and subsequent forced diuresis can be exhausting and unpleasant for patients. In addition, patients may be at an increased risk of clinical fluid overload and pulmonary oedema after high-dose melphalan and hyperhydration administration. Evidence is needed to inform best practice. This study aimed to retrospectively compare the incidence and severity of acute renal impairment in patients who underwent an autologous HSCT after MEL200 for multiple myeloma (MM), between institutes using hyperhydration and not using hyperhydration. An additional aim was to investigate any adverse events associated with the administration of hyperhydration such as clinical overload and pulmonary oedema.
This study employed a retrospective cohort design. A chart review was performed on patients who had received a MEL200 autologous HSCT for MM between January 2015 and September 2017 at the Royal Brisbane and Women’s Hospital (RBWH) and The Townsville Hospital (TTH) in Queensland, Australia. These institutions were selected based on the similar in-patient treatment provided to HSCT patients, leading to reduced confounding when comparing the two groups. Both hospitals provided autologous HSCT as inpatients using standardised HDM protocols, provided similar supportive care, and took daily blood tests and weights. The main difference between the two institutions was the amount of fluid administered with melphalan (6L vs. 2L). Patients were included if they: (1) had a diagnosis of MM; and (2) underwent MEL200 autologous HSCT as in-patients. Patients who received all other types of HSCT were excluded. Ethical approval was obtained from the RBWH and TTH Human Research Ethics Committee (HREC/17/QRBW/364). Experienced health care professionals working at the RBWH and TTH collected data from the medical records. Collected data includes patients’ demography, daily creatinine (Cr) and weight, fluid overload (O/L), frusemide use, acute pulmonary oedema (APO), sepsis, and antibiotic use. Data was collected from admission (baseline) to Day 7 post HSCT.
* Midori Nakagaki, midori.nakagaki@health.qld.gov.au

Posted Content
TL;DR: It is shown that both protocols are insecure and should not be used - a member of a group can successfully impersonate the key generation centre and persuade any other group member to accept the wrong key value.
Abstract: Two recent papers describe almost exactly the same group key establishment protocol for wireless sensor networks. Quite apart from the duplication issue, we show that both protocols are insecure and should not be used - a member of a group can successfully impersonate the key generation centre and persuade any other group member to accept the wrong key value. This breaks the stated objectives of the schemes.

Posted Content
TL;DR: The possible need for trust is examined in a systematic way, and possible routes to gaining trust are described, and the issues that arise when a security and/or reliability failure actually occurs are discussed.
Abstract: There has been much recent discussion of the criticality of the 5G infrastructure, and whether certain vendors should be able to supply 5G equipment. The key issue appears to be about trust, namely to what degree the security and reliability properties of 5G equipment and systems need to be trusted, and by whom, and how the necessary level of trust might be obtained. In this paper, by considering existing examples such as the Internet, the possible need for trust is examined in a systematic way, and possible routes to gaining trust are described. The issues that arise when a security and/or reliability failure actually occurs are also discussed. The paper concludes with a discussion of possible future ways of enabling all parties to gain the assurances they need in a cost-effective and harmonised way.

Posted Content
TL;DR: In this article, serious weaknesses in two closely related group authentication and group key establishment schemes are described, including simple attacks against the group key establishment part of the schemes, which strongly suggest that the schemes should not be used.
Abstract: Serious weaknesses in two very closely related group authentication and group key establishment schemes are described. Simple attacks against the group key establishment part of the schemes are described, which strongly suggest that the schemes should not be used.

Posted Content
TL;DR: A serious weakness in the recently proposed Chen-Hsu-Harn group authentication and group key establishment scheme is described, which casts doubt on the viability of the scheme.
Abstract: A serious weakness in the recently proposed Chen-Hsu-Harn group authentication and group key establishment scheme is described. A simple attack against the group key establishment part of the scheme is given, which casts doubt on the viability of the scheme.

Posted Content
12 Apr 2020
TL;DR: The Albakri-Harn group key pre-distribution protocol, which enables any subset of a predefined set of nodes to establish a shared secret key, is shown to be fundamentally flawed.
Abstract: Three closely-related polynomial-based group key pre-distribution schemes have recently been proposed, aimed specifically at wireless sensor networks. The schemes enable any subset of a predefined set of sensor nodes to establish a shared secret key without any communications overhead. It is claimed that these schemes are both secure and lightweight, i.e. making them particularly appropriate for network scenarios where nodes have limited computational and storage capabilities. Further papers have built on these schemes, e.g. to propose secure routing protocols for wireless sensor networks. Unfortunately, as we show in this paper, all three schemes are completely insecure; whilst the details of their operation vary, they share common weaknesses. In every case we show that an attacker equipped with the information built into at most two sensor nodes can compute group keys for all possible groups of which the attacked nodes are not a member, which breaks a fundamental design objective. The attacks can also be achieved by an attacker armed with the information from a single node together with a single group key to which this sensor node is not entitled. Repairing the schemes appears difficult, if not impossible. The existence of major flaws is not surprising given the complete absence of any rigorous proofs of security for the proposed schemes. A further recent paper proposes a group membership authentication and key establishment scheme based on one of the three key pre-distribution schemes analysed here; as we demonstrate, this scheme is also insecure, as the attack we describe on the corresponding pre-distribution scheme enables the authentication process to be compromised.