Generic constructions for universal designated-verifier signatures and identitybased signatures from standard signatures

The authors give a generic construction for universal (mutli) designated-verifier signature schemes from a large class of signature schemes, referred to as Class C. The resulting schemes are efficient and have two important properties. Firstly, they are provably DV-unforgeable, non-transferable and also non-delegatable. Secondly, the signer and the designated verifier can independently choose their cryptographic settings. The authors also propose a generic construction for (hierarchical) identity-based signature schemes from any signature scheme in C and prove that the construction is secure against adaptive chosen message and identity attacks. The authors discuss possible extensions of our constructions to identity-based ring signatures and identity-based designated-verifier signatures from any signature in C. Finally, the authors show that it is possible to combine the above constructions to obtain signatures with combined functionalities.     

Stealing PINs via mobile sensors: actual risk versus user perception

In this paper, we present the actual risks of stealing user PINs by using mobile sensors versus the perceived risks by users. First, we propose PINlogger.js which is a JavaScript-based side channel attack revealing user PINs on an Android mobile phone. In this attack, once the user visits a website controlled by an attacker, the JavaScript code embedded in the web page starts listening to the motion and orientation sensor streams without needing any permission from the user. By analysing these streams, it infers the user’s PIN using an artificial neural network. Based on a test set of fifty 4-digit PINs, PINlogger.js is able to correctly identify PINs in the first attempt with a success rate of 74% which increases to 86 and 94% in the second and third attempts, respectively. The high success rates of stealing user PINs on mobile devices via JavaScript indicate a serious threat to user security. With the technical understanding of the information leakage caused by mobile phone sensors, we then study users’ perception of the risks associated with these sensors. We design user studies to measure the general familiarity with different sensors and their functionality, and to investigate how concerned users are about their PIN being discovered by an app that has access to all these sensors. Our studies show that there is significant disparity between the actual and perceived levels of threat with regard to the compromise of the user PIN. We confirm our results by interviewing our participants using two different approaches, within-subject and between-subject, and compare the results. We discuss how this observation, along with other factors, renders many academic and industry solutions ineffective in preventing such side channel attacks.     

DOMtegrity: ensuring web page integrity against malicious browser extensions

In this paper, we address an unsolved problem in the real world: how to ensure the integrity of the web content in a browser in the presence of malicious browser extensions? The problem of exposing confidential user credentials to malicious extensions has been widely understood, which has prompted major banks to deploy two-factor authentication. However, the importance of the “integrity” of the web content has received little attention. We implement two attacks on real-world online banking websites and show that ignoring the “integrity” of the web content can fundamentally defeat two-factor solutions. To address this problem, we propose a cryptographic protocol called DOMtegrity to ensure the end-to-end integrity of the DOM structure of a web page from delivering at a web server to the rendering of the page in the user’s browser. DOMtegrity is the first solution that protects DOM integrity without modifying the browser architecture or requiring extra hardware. It works by exploiting subtle yet important differences between browser extensions and in-line JavaScript code. We show how DOMtegrity prevents the earlier attacks and a whole range of man-in-the-browser attacks. We conduct extensive experiments on more than 14,000 real-world extensions to evaluate the effectiveness of DOMtegrity.

     

Sensing and Field Data Capture for Construction and Facility Operations

Collection of accurate, complete, and reliable field data is not only essential for active management of construction projects involving various tasks, such as material tracking, progress monitoring, and quality assurance, but also for facility and infrastructure management during the service lives of facilities and infrastructure systems. Limitations of current manual data collection approaches in terms of speed, completeness, and accuracy render these approaches ineffective for decision support in highly dynamic environments, such as construction and facility operations. Hence, a need exists to leverage the advancements in automated field data capture technologies to support decisions during construction and facility operations. These technologies can be used not only for acquiring data about the various operations being carried out at construction and facility sites but also for gathering information about the context surrounding these operations and monitoring the workflow of activities during these operations. With this, it is possible for project and facility managers to better understand the effect of environmental conditions on construction and facility operations and also to identify inefficient processes in these operations. This paper presents an overview of the various applications of automated field data capture technologies in construction and facility fieldwork. These technologies include image capture technologies, such as laser scanners and video cameras; automated identification technologies, such as barcodes and Radio Frequency Identification (RFID) tags; tracking technologies, such as Global Positioning System (GPS) and wireless local area network (LAN); and process monitoring technologies, such as on-board instruments (OBI). The authors observe that although applications exist for capturing construction and facility fieldwork data, these technologies have been underutilized for capturing the context at the fieldwork sites as well as for monitoring the workflow of construction and facility operations.     

Topological surrogates for computationally efficient seismic robustness optimization of water pipe networks

The criticality of seismic robustness of the water pipe networks cannot be overstated. Current methodologies for optimizing seismic robustness of city‐scale water pipe networks are scarce. A very few studies that can be found are also prone to long optimization runtimes due to the requirement of repeated hydraulic analysis. Hence, there is a critical need for the identification of computationally efficient surrogate optimization methods for maximizing seismic robustness of water pipe networks. To address this need, this research was conducted to identify, for the first time, computationally efficient topological surrogates for hydraulic simulation‐based optimization. The computational efficiency of surrogate optimization was measured in terms of solution quality (i.e., post‐earthquake serviceability) and computational runtime. Ten different topological connectivity metrics were evaluated out of which five were considered computationally infeasible due to their prohibitive optimization runtime. Five remaining metrics were then used to formulate five surrogate objective functions for seismic robustness of water pipe networks. Each of these functions was optimized using a simulated annealing‐based algorithm. Application of the proposed approach to city‐level benchmark networks helped to identify two metrics out of ten that offered a substantial reduction in optimization runtime with a minimal loss in solution quality. These findings will be highly valuable to water distribution network managers for identifying economical rehabilitation policies for enhancing the seismic robustness at a city‐scale within a reasonable amount of time.     

Data-Fusion Approaches and Applications for Construction Engineering

Data fusion can be defined as the process of combining data or information for estimating the state of an entity. Data fusion is a multidisciplinary field that has several benefits, such as enhancing the confidence, improving reliability, and reducing ambiguity of measurements for estimating the state of entities in engineering systems. It can also enhance completeness of fused data that may be required for estimating the state of engineering systems. Data fusion has been applied to different fields, such as robotics, automation, and intelligent systems. This paper reviews some examples of recent applications of data fusion in civil engineering and presents some of the potential benefits of using data fusion in civil engineering.     

Empirical tests for identifying leading indicators of ENR Construction Cost Index

Engineering News-Record (ENR) publishes its Construction Cost Index (CCI) monthly. CCI is the weighted average price of construction activities in 20 United States (US) cities. CCI has widely been used for cost estimation, bid preparation and investment planning. Cost estimators and investment planners are not only interested in the current CCI, but also are interested in forecasting changes in CCI trends. However, CCI is subject to significant variations that are difficult to predict. An important step towards forecasting CCI trends is to identify its leading indicators. The research objective is to identify the leading indicators of CCI using empirical tests. The results of Granger causality tests show that consumer price index, crude oil price, producer price index, GDP, employment levels in construction, number of building permits, number of housing starts and money supply are the leading indicators of CCI. The results of Johansen’s cointegration tests show that money supply and crude oil price are the leading indicators with long-term relationships with CCI. These findings contribute to the body of knowledge in CCI forecasting. CCI can be predicted more accurately using its leading indicators. Cost estimators and capital project planners can benefit from better forecasting through reduction in uncertainty about future construction costs.     

Adaptive CCA broadcast encryption with constant-size secret keys and ciphertexts

We consider designing public-key broadcast encryption schemes with constant-size secret keys and ciphertexts, achieving chosen-ciphertext security. We first argue that known CPA-to-CCA transforms currently do not yield such schemes. We then propose a scheme, modifying a previous selective CPA secure proposal by Boneh, Gentry, and Waters. Our scheme has constant-size secret keys and ciphertexts, and we prove that it is selective chosen-ciphertext secure based on standard assumptions. Our scheme has ciphertexts that are shorter than those of the previous CCA secure proposals. Then, we propose a second scheme that provides the functionality of both broadcast encryption and revocation schemes simultaneously using the same set of parameters. Finally, we show that it is possible to prove our first scheme adaptive chosen-ciphertext secure under reasonable extensions of the bilinear Diffie–Hellman exponent and the knowledge-of-exponent assumptions. We prove both of these extended assumptions in the generic group model. Hence, our scheme becomes the first to achieve constant-size secret keys and ciphertexts (both asymptotically optimal) and adaptive chosen-ciphertext security at the same time.     

Hybrid of genetic algorithm and simulated annealing for multiple project scheduling with multiple resource constraints

Since scheduling of multiple projects is a complex and time-consuming task, a large number of heuristic rules have been proposed by researchers for such problems. However, each of these rules is usually appropriate for only one specific type of problem. In view of this, a hybrid of genetic algorithm and simulated annealing (GA-SA Hybrid) is proposed in this paper for generic multi-project scheduling problems with multiple resource constraints. The proposed GA-SA Hybrid is compared to the modified simulated annealing method (MSA), which is more powerful than genetic algorithm (GA) and simulated annealing (SA). As both GA and SA are generic search methods, the GA-SA Hybrid is also a generic search method. The random-search feature of GA, SA and GA-SA Hybrid makes them applicable to almost all kinds of optimization problems. In general, these methods are more effective than most heuristic rules. Three test projects and three real projects are presented to show the advantage of the proposed GA-SA Hybrid method. It can be seen that GA-SA Hybrid has better performance than GA, SA, MSA, and some most popular heuristic methods.