Tuesday, January 28, 2020

Cells Breaks the Tor’s Anonymity: Onion Router

Cells Breaks the Tor’s Anonymity: Onion Router Ms. S.SIVARANJANI Ms. R.BACKIYALAKSHMI B.E, M.Tech., Abstract To hide the communication of users, the anonymity systems pack the application data into equal – sized cells. The size of IP packets in the Tor network can be very dynamic and the IP layer may be repack cells. A new cell-counting attack against Tor allows the attacker to confirm anonymous communication relationship among users very quickly. By varying the number of cells in the target traffic at the malicious exit onion router, the attacker can embed a secrete signal into variation of cell counter of the target traffic and it will be carried and arrive at the malicious entry onion router. Then an accomplice of the attacker will detect the signal based on received cells and confirm the communication among the users. There are several features of this attack. First, it is highly efficient and confirms very short communication session with only tens of cells. Second, this attack is effective and detection rate approaches 100% with a very low false positive rate. Third, it is possible to implement the attack in a way that appears to be very difficult for honest participants to detect. Keywords Anonymity, cell counting, mix networks, signal, Tor. INTRODUCTION Anonymity has become a necessary and legitimate aim in many applications. Here the encryption alone cannot maintain the anonymity required by users. Generally speaking, mix techniques can be used for either message-based or flow-based anonymity applications. Research on flow-based anonymity applications has recently received great attention in order to preserve anonymity in low-latency applications, including Web browsing and peer-to-peer file sharing. To degrade the anonymity service provided by anonymous communication systems, traffic analysis attacks have been used. The Existing traffic analysis attacks can be categorized into two types: passive traffic analysis and active watermarking techniques. The active watermarking technique has recently received much attention to improve the accuracy of attack. In this technique is to actively introduce special signals into the sender’s outbound traffic with the intention of recognizing the embedded signal at the receiver’s inbound traffic. The core contribution of the paper is a new cell counting based attack against Tor network. This attack confirms anonymous communication relationship among users accurately and quickly and it is difficult to detect. The attacker at the exit onion router detects the data transmitted to a destination and then determines whether the data is relay cell or control cell in Tor. After excluding control cells, manipulate the number of relay cells in the circuit queue and flushes out all cells in the circuit queue. This way the attacker can embed a signal into the variation of cell count during a short period in the target traffic. To recover the embedded signal, the attacker at the entry onion router detects and excludes the control cells, record the number of relay cells in the circuit queue and recover the embedded signal. The main features of cell-counting based attack are: (1) This attack is highly efficient and can quickly confirm very short anonymous communication sessions with tens of cells. (2) It is effective and detection rate approaches 100 % with very low false positive rate. (3) It makes difficult for others to detect the presence of the embedded signal. The Time – hopping based signal embedding technique makes the attack even harder to detect. SYSTEM ARCHITECURE There are two types of cells: Control cell and Relay cell. The CELL_CREATE or CELL_CREATED used for setting up a new circuit. CELL_DESTROY used for releasing a circuit. Relay cell is used to carry TCP stream data from client to bob. Some of the relay commands are: RELAY_COMMAND_BEGIN, RELAY_COMMAND_END, RELAY_COMMAND_ DATA, RELAY_COMMAND_SENDME, and RELAY_ COMMAND_DROP. The Onion router (OR) maintains the TLS connection to other OR. Onion proxy (OP) uses source routing and chooses several ORs from cached directory. OP establishes circuit across the Tor network and negotiates a symmetric key with each OR, one hop at a time, as well as handle TCP stream from client application. The OR on other side of circuit connects to the requested destination and relay the data. The OP will sets up TLS connection with OR1 using protocol, through this connection , OP sends CELL_CREATE cell and uses Diffie-Hellman (DH) handshake protocol to negotiate a base key k1=gxy with OR1. Form this key; a forward symmetric key kf1 and backward key kb1 are produced. This way first hop circuit C1 is created. Similarly OP extends the circuit to second and third hop. After circuit is setup, OP sends a RELAY_COMMAND_BEGIN cell to the exit onion router and cell is encrypted as {{{Begin}kf3}kf2}kf1. While the cell traverses through circuit each time the layer of onion skin are removed one by one. At last the OR3 last skin is removed by decryption then it open a TCP stream to a port at the destination IP, which belongs to bob. The OR3 sets up a TCP connection with bob and sends a RELAY_COMMAND_CONNECTED cell back to Alice’s OP. Then the client can download the file. PROCESSING CELL AT ONION ROUTER The TCP data is received by OR from port A and it is processed by TCP and TLS protocols. Then the processed data is delivered to the TLS buffer. The read event is called to read and process the data pending in the TLS buffer. This read event will pull the data from TLS buffer into the input buffer. Then the read event process cells from input buffer one by one. Each OR has routing table which maintains map from source connection and circuit ID to destination connection and circuit ID. The transmission direction of the cell can be determined by the read event. To append the cell to the destination circuit the corresponding symmetric key is used to decrypt / encrypt the payload of the cell, replace the present circuit ID with destination circuit ID. The cell can be written directly for the destination connection if there is no data waiting in output buffer and the write event is added to the event queue. After calling the write event, the data is flushed to TLS buffer of destination. Then write event pull as many cells as possible from circuit to output buffer and add write event to event queue. The next write event carry on flushing data to output buffer and pull cells to output buffer else the cell queued in circuit queue can be delivered to network via port B by calling write event twice. Fig. 2Processing the cells at Onion router CELL – COUNTING BASED ATTACK The IP packets in Tor network is very dynamic and based on this the cell – counting based attack implemented. Dynamic IP packets over Tor : The application data will be packed into equal sized cells (512-B). While the packets transmitted over the Tor network it is dynamic. Because of this reason the size of packets from sender to receiver is random over time and large numbers of packets have varied in sizes. The main reason for this is the varied performance of OR cause cells not to be promptly processed and also if network is congested, cells will not delivered on time, because of this the cell will merge and non-MTU(Maximum Transmission Unit) sized packets will show up. Work-flow of Cell – Counting based attack: Step 1: SELECTING THE TARGET :- The attacker log the information at the exit OR, including the server host IP address and port for a circuit and circuit ID and uses CELL – RELAY-DATA to transmit the data stream. Step 2: ENCODING THE SIGNAL :- Until the write event is called the CELL – RELAY – DATA will be waited in the circuit queue. After the write event is called then the cells are flushed into output buffer. Hence the attacker can manipulate the number of cells flushed to the output buffer all together. This way the attacker can able to embed the secret signal. To encode bit 1, the attacker can flushes three cells from circuit queue and for bit 0, flushes one cell from circuit queue. Step 3: RECORDING PACKETS :- After the signal is embedded in the target traffic it will be transmitted to the entry OR along with target traffic. The attacker at the entry OR will record the received cells and related information and need to determine whether the received cells are CELL – RELAY – DATA cells. Step 4: RECOGNIZING THE EMBEDDED SIGNAL :- The attacker enters the phase of recognizing the embedded signal with the recorded cells. For this used the recovery mechanisms. Once the original signal is identified the attacker can link the communication between Alice and Bob. There are two critical issues related to attack: (1) Encoding signals at exit OR: Two cells are not enough to encode â€Å"1† bit. Because if the attacker uses two cells to encode bit â€Å"1† then it will be easily distorted over network and also hard to recover. When the two cells arrive at the input buffer at the middle OR, the first cell will be pulled into circuit queue and then if the output buffer is empty, the first cell will be flushed into it. Then the second cell will be pulled to the circuit queue. Since the output buffer is not empty, the second cell stays in the circuit queue. When the write event is called, the first cell will be delivered to the network, while the second cell written to the output buffer and wait for the next write event. Consequently, two originally combined cells will be split into two separate cells at the middle router. So the attacker at the entry OR will observe two separate cells arriving at the circuit queue. This cells will be d ecoded as two â€Å"0† bits, leading the attacker to a wrong detection of the signal. To deal with this issue the attacker should choose at least three cells for carrying bit â€Å"1†. For transmitting cells, proper delay interval should be selected: If the delay interval among the cells is too large, users are not able to tolerate the slow traffic and to transmit the data will choose another circuit. When this condition happens the attack will fail. And if the delay interval is too small, then it will increase the chance that cells may combined at middle OR. (2) Decoding signals at the entry OR: Distortion of signal: Anyway the combination and division of the cells will happen due to unpredictable network delay and congestion. This will cause the embedded signal to be distorted and the probability of recognizing the embedded signal will be reduced. Because of this distortion of the signal, a recovery mechanism can be used, that recognize the embedded signal. The combination and division of cell can be categorized into four types: (1) Two types of the cell division for the unit of the signal and (2) Two types of the cell combination for different units of signal. To deal with these types of division and combination types of the cells the recovery algorithm can be used. If the number of cells recorded in the circuit queue is smaller than the number of the original signal are recovered as either two types of cell division for the unit of the signal. Suppose the number of cells recorded in the circuit queue is larger than the number of cells for carrying the signal; the recovered signal will be either two of the cell combination for different units of signal. When the signals are recovered in these types with k ≠¤ 2, can consider that these signals are successfully identified otherwise cannot be identified. Attack Delectability: To improve the attack invisibility can adopt the time-hopping-based signal embedding technique, which can reduce the probability of interception and recognition. The principle of this technique is, there exit random intervals between signal bits. At the exit OR, the duration of those intervals are varied according to a pseudorandom control code which is known to only the attackers. To recover this signal, the attacker at the entry OR can use the same secret control code to position the signal bits and recover the whole signal. If the interval between the bits is large enough, the inserted signal bits appear sparse within the target traffic and it is difficult to determine whether groups of cells are caused by network dynamics or intention. Therefore the secret signal embedded into the target traffic is no different than the noise. And when a malicious entry node has confirmed the communication relationship, it can separate the group of cells by adding delay betw een the cells so that not even the client can observe the embedded signal. In this paper a signal is embedded into the target traffic, which implies a secrete sequence of groups of one and three cells. With the time-hopping technique, groups of one and three cells are separated by random intervals and it is hard to differentiate them from those caused by network dynamics and since the embedded signal is very short and only known to attacker, can conclude that it is very difficult to distinguish traffic with embedded signals from normal traffic based on this very short secret sequence of cell groups. CONCLUSION AND FUTURE WORK In this paper, we presented a cell-counting based attack against Tor network. This can confirm the anonymous communication among the user quickly and accurately and it is very difficult to detect. The attacker at the exit OR manipulates the transmission of cells from the target TCP stream and embeds a secret signal into the cell counter variation of the TCP stream. Then the attacker at the entry OR recognizes the embedded signal using developed recovery algorithms and links the communication relationship among the users. In this attack the detection rate is monotonously increasing function with the delay interval and decreasing function of the variance of one way transmission delay along a circuit. This attack could drastically and quickly degrade the anonymity service that Tor provides. Due to the fundamental design of the Tor network, defending against this attack remains a very challenging task that we will investigate in future work. REFERENCES [1] W. Yu, X. Fu, S. Graham, D. Xuan, and W. Zhao, â€Å"DSSS-based à ¯Ã‚ ¬Ã¢â‚¬Å¡ow marking technique for invisible traceback,† in Proc. IEEE SP,May 2007, pp. 18–32. [2] N. B. Amir Houmansadr and N. Kiyavash, â€Å"RAINBOW: A robust and invisible non-blind watermark for network à ¯Ã‚ ¬Ã¢â‚¬Å¡ows,† in Proc.16thNDSS, Feb. 2009, pp. 1–13. [3] V. Shmatikov and M.-H. Wang, â€Å"Timing analysis in low-latency MIX networks: Attacks and defenses,† in Proc. ESORICS, 2006, pp. 18–31. [4] V. Fusenig, E. Staab, U. Sorger, and T. Engel, â€Å"Slotted packet counting attacks on anonymity protocols,† in Proc. AISC, 2009, pp. 53–60. [5] X. Wang, S. Chen, and S. Jajodia, â€Å"Tracking anonymous peer-to-peer VoIP calls on the internet,† in Proc. 12th ACM CCS, Nov. 2005, pp.81–91. [6] K. Bauer, D. McCoy, D. Grunwald, T. Kohno, and D. Sicker, â€Å"Lowresource routing attacks against anonymous systems,† Univ. Colorado Boulder, Boulder, CO, Tech. Rep., Aug. 2007. [7] X. Fu, Z. Ling, J. Luo, W. Yu, W. Jia, and W. Zhao, â€Å"One cell is enough to break Tor’s anonymity,† in Proc. Black Hat DC,Feb.2009[Online]. Available: http://www.blackhat.com/presentations/bh-dc-09/Fu/ BlackHat-DC-09-Fu-Break-Tors-Anonymity.pdf [8] R. Dingledine, N. Mathewson, and P. Syverson, â€Å"Tor: Anonymity online,† 2008 [Online]. Available: http://tor.eff.org/index.html.en [9] R. Dingledine and N. Mathewson, â€Å"Tor protocol specià ¯Ã‚ ¬Ã‚ cation,†2008 [Online]. Available: https://gitweb.torproject.org/torspec.git?a=blob_plain;hb=HEAD;f=tor-spec.txt [10] J. Reardon, â€Å"Improving Tor using a TCP-over-DTLS tunnel,† Master’s thesis, University of Waterloo, Waterloo, ON, Canada, Sep. 2008. Project management example: The London Eye Project management example: The London Eye Introduction Generally, the definitions of project management have diversities, but in commonly project management is used to accomplish business ambition, strategies and well-defined work tasks within a certain schedule and limit budget (Sabin, 2006). The project management required skill, experience, processes, methods and knowledge in order to complete the objectives of the project (Association for Project Management, 2014). Most strategists succeed in these days with high competitive and fusing global economy are mostly using the project management techniques to deliver substantial quality of business results within limited time and budget (Project Management Institute, 2014). Jamieson Morris (2004) support that project management is a key factor in business process. Even in many definitions of project management, the fundamental is about attaining the jobs done. The London Eye is the huge project that was designed by architectures David Marks and Julia Barfield, its purpose to represent modern architectural design and engineering of the first of the millennium century (Tim and Ian, 2000). The London eye was the tallest Ferris wheel in the world by height 135 meters, after success, with Star of Nanchang in 2006, Singapore Flyer in 2008 and High Roller in 2014 in order. The construction of London Eye used 16 months to finish in order to celebrated of the year 2000, London Eye also knows as the Millennium Wheel. In the first year of operation, number of visitors approximately was 3.2 millions, hence this becomes more popular of attracting visitors in the United Kingdom. The production cost of the London Eye is 75 million pounds and took 50 percent of time less than normal to finish the project (Marks Barfield, 2014). This makes London Eye is one of the most interested project to measure and examined in the process of project management. A project must have three variables that can estimate certain time of the project, limited by budget and meet quality requirement (Lester, 2007). Characteristics in process of construction London Eye can be evaluated as the project, because of the constrains from budget and time, no repetition of construction, requirement of a variety of skill and experience expertise involve. From all of these characteristics summarize that the London Eye is classified as a project. The scope of this paper study is to investigate two aspects, which are stakeholders management, project planning and scheduling that make London Eye become a successful project. However, it is essentially that we have to understand the background of the project first, in order to understand the process. London Eye’s Characteristics Since 2000, the London Eye has become one of the iconic landmarks of London. The concept of London Eyes was introduced in 1993 by the architecture name Marks Barfield. His design of Ferris wheel submitted to the Architecture Foundation competition in order to build to celebrate the millennium year. In 1994, British Airways interest to become a sponsor of the project. In 1996, the permission of the project was successfully made by the agreement of shareholders as the result, Tussauds Group was joined as the last partner. The London Eye was constructed before the year 2000 only 16 months (The British Broadcasting Corporation, 2005). More that 5 different oversea companies worked to build London Eyes and it took 7 years till it was open. The formal opening ceremony on 31, December 1991 and follow by public open on 9, March 2000. The Iron Triangle Figure1: Iron triangle of London Eye project The Iron Triangle is the traditional technique for evaluating project performance, which have three variables; time, cost and scope that try to balance each others (Atkinson, 1999; Gardiner and Stewart, 2000). If one of the three variables is changed, it will affect one of the others too. For example; if stakeholders want less time of construction, they need to increase the budget or reduce the scope (Gregory, 2006). In (Figure1) shows The Iron Triangle of London Eye project follow by time, cost and scope. The London Eye used only 16 months in order to finish the construction process, in order to celebrate millennium century, that is 50 percent less than normal process. The cost of construction of London Eye was 75 million pounds higher than average cost of normal construction. But the cost of building was not issued to be a problem because the main purpose of this is to open on time and to be the biggest Ferris wheel in the world (London Eye, 2014). To understand the key elements of project management, such as stakeholders management, project planning and scheduling which are the factors to push the London Eye finished on time. The Author will illustrate and explain two of variables in further. Stakeholders Management According to, Freeman and Reed (1983) has given a definition of stakeholder is someone that â€Å"can affect the achievement of an organizations objectives or is affected by the achievement of an organization’s objectives†. Bourne and Walker (2004) suggest that even a project manager was able to deliver the project with the original scope, cost and time, but without the attention of stockholders, a project might probably not be able to success. The conflict in stakeholders must be managed, because it might lead to projects fail (Bourne and Walker, 2005). A stakeholder can be any individual, institution or organization that involves the interaction with the project or business. The stakeholder might effect from project, both direct and indirect, and can be occasional or ordinary contact with the project (Paul, 2013). Identify who are the stakeholders and understand the role of them must be done. London Eye project have many stakeholders who are investing in the project. But the key stakeholders of the project, who have the potential to support and facilitate the project can clearly identify. David Marks and Julia Barfield, who invented the idea of the wheel in 1990 were a press campaign to support the concept. Bob Ayling, Chief Executive of British Airway in that period offered financial and corporate support to this project. In 1997, Tussauds Group was brought into the position of the operator. The London Eye Company Limited, were owned by three owner separate in equal shard. David Marks and Julia Barfield owned one third, The Tussauds Group also owned one third and lastly one third owned by British Airways, who was the leading support during the development phase. Government didn’t support the project, except the construction of new pier, in purpose to protect collision of the wheel. For financing purpose of the London Eye project was provided by Sumitomo Bank and Westdeutsche Landesbank (Tim and Ian, 2000). Mace is the UK’s leading company on the project management, as appointed to be Project Managers in 1998. Seven groups of contractors were chosen to project, they were responsible for building and design as follows: Tilbury Douglas Construction Ltd for Foundations, Civil works and Pier structure, Hollandia BV for Wheel Structure, Pomagalski SA for Capsules and Controls, T Clarke PLC for Electrical Installations, Littlehampton Welding Limited for Boarding Platform and Pier Finishes, Waterers Landscape PLC for Landscaping and Alandale Construction Limited for County Hall Fit-Out (Tim and Ian, 2000). From this we can identify stakeholder as two types; internal stakeholders and external stakeholders. Internal stakeholder can be people who involve in part of the business for example; shareholders, managers and employees. External stakeholders are the people who outside the business such as customers, local community, suppliers, press and government (The British Broadcasting Corporation, 2014). Figure2: Stakeholders Web and Internal External Stakeholder From the figure2 above, researcher attempt to explain the understanding of the internal and external stakeholders of The London Eye by using The Stakeholder Web describe. From internal stakeholders, Shareholders can be British Airways, David Marks Julia Barfield and Tussaudes Group that interested in dividends and growth of shares. Managers and employees are interested in salaries and job security. From external stakeholders, suppliers concerned in delivering services and finished project on time. Government, Tourists, Londoner and also including people around the South Bank area are impacted from the project such as the project might effects to new businesses that can take benefits from London Eye such as bars and restaurants. Traffic around the London Eye maybe influenced because increasing of tourists. All of these influencers can become stakeholders of the project. Stakeholders have different of interests, to manage this conflict it’s necessary to understand the types of stakeholders and what can influence their behavior. By classifying the different groups of stakeholders, using stakeholder power and interest matrix, to organize based on the level of power and interest. Stakeholder classification of power and interest matrix map will make groups of stakeholders easier to understand. Stakeholders can be classified in two big dimensions, of power and interest (Newcombe, 2003; Johnson and Scholes, 1993). The basic concept is who have high power and high interest will be the key players and also need to manage it. Figure3: London Eye stakeholder power and interest matrix From the figure 3 shows that London Eye project stakeholders were classified by level of interest and power. The key players in this case can be British Airway who is supporting the financial and able to control the project. Bank and financial institutions such as Sumitomo Bank and Westdeutsche Landesbank, that provided financial loan. Press and local community didn’t have power, but the project directly effects to their living or career. Same as the government, they didn’t provide the financial support but able to collect taxes from the project. Customers and Londoner can be in the group of minimal effort. The success of The London Eye project definitely involved with the stakeholder management. The well understanding in position and its roll are significant to make this project completed. However, it is not only stakeholder management, variable that leads to the success of the project. Many factors that involved included planning and scheduling of the project also are the important variables. Project Planning and Scheduling Project management planning is one of the important variables that required lists of time, quality and cost. Project management planning depends on types and sizes of project (Lester, 2007). The role of project management can separate into three main areas; 1) It can handle the operational requirement to meet the customer satisfaction, 2) The project must be completed on time and 3) Control and delivery the job on the previous set of constrains budget. Good project planning will lead to success according to these three goals. For more understanding of London Eye planning, researchers will apply Work Breakdown Structure (WBS) is the technique for controlling and planning project. Secondly Gantt chart technique will also use to explain in this project. The Work Breakdown Structure (WBS) To organize the structure of the project, Work Breaking Structure assists the work process. It is similar to the outline of the book or report. WBS is the brief version of work structure that help to perform and focus on plan, track and evaluate of the project (Gregory, 2006). According to the diagram, it consists of three benefits of using WBS, First, WBS are easier to evaluate the cost and time of work. Second, it is easy to break down the work into the small tasks and makes it easier to measure the progress. Third, it eases the separation of the tasks into the team member. Moreover, WBS contains two kinds of tasks: the summary tasks and the work packages. Summer tasks will describe each of the processes in the project, for the work packages describe as the lowest level task that required details to complete. From the figure4 shows The London Eye’s Work Breakdown Structure. WBS identifies the work that should be done, based on researcher’s understanding and assuming. The summary tasks can be divided up to four main tasks; safety, stakeholders (internal and external), physical and organizational. Moreover there are more subordinate level breakdown into each main tasks. For example, in physical tasks and the construction of wheel, capsules and foundation can be described as the lower level task of each level. The Gantt chart The Gantt chart was developed during the World War I invented by Henry Laurence Gantt. The Gantt chart uses to identify the necessary steps to obtain a result of work. The process of doing Gantt chart is worked by projecting schedule, follow step by step, from the final result, analyst activities, timing of process and sequence of tasks (Gregory, 2006). The chart can used to compare the estimated time of the project before, start with initial time on the actual time that really spent. Furthermore, Gantt chart can apply to every project, both in big project and small project. For example, building a factory, making a cup of glass or producing a musical. Figure5: London Eye’s Gantt chart From the figure5 shows The London Eye’s Gantt chart. The researcher is using information from the previous research and available documents to create this Gantt chart (The British Broadcasting Corporation, 2005; Tim and Ian, 2000). From this chart can see that London Eye project used approximately 7 years of planning, finding sponsors, get permits and construction. The London Eye can be estimated as the long project in-term of planning, but comparing to the time on construction is apparently very short compared to this kind of the project. Conclusion of the project The London Eye is one of the most successful projects in many aspects. It’s also one of the most successful in architect design of 21st century. The components of London Eye must be assembled above The Thames River that required high technology to handle the project. The original plan of London Eye was planned to be completed the construction in 2 years, but in, finally it used only 16 months to finish the project. If according to, The Iron Triangle theory said that if one of the three variables was changed, it will affect one of the others too. London was used the budget around 75 million pounds to build, but the project’s time construction is faster than expected and the scope has not changed. Unfortunately, components of London Eyes have to ship up and assemble in the Thames River this made it harder to deliver projects on time (Tim and Ian, 2000). The London Eye is not the ordinary project for both suppliers and project management team. To be able to finish on deadline, all around the prost have to be given to everyone who was a part in this project. Shareholders and investors of the project must spend huge money in order to justify risk of the project. For example, if poor quality and not finished on time happened, this implies that the cost of the project may not be the first priority of concern. Therefore, the time and scope or quality must be the first and second priority of the scope in the project. Mace construction that was controlling the project management team of London Eye should be accredited for the achievement and deliver project before deadline. But if they can decrease time for searching operators and suppliers, it could save the cost of the production because time of construction can reduce cost of production. From the stakeholder management perspectives, it illustrates the conflict of interest in shareholders, as the factor of â€Å"Time† had become a conflict among them. However, British Airway as a big shareholder that support financial fund during the construction had burden the high cost of production and risk. But in terms of marketing, British Airway can promote and impose the branding under the sponsorship deal. British Airway also improves brand image by using London Eye as the presenter of their brand. Recommendation of the project Researcher found that from this paper, it helps to understand theories and concept of project management, which make it easier to manage and deal with the project. The fundamentals of controlling cost, deliver on time and satisfaction in quality are significantly important. Not only the stakeholder management and project planning and scheduling will lead to the success of the project. But risk management, uncertainty management, resource management, scope management and other management aspects should be concerned as part of the success factors in project management. Other aspects of business should be considered as important as project management such as financial, human resource management and costumer relationship management. The London Eye project was won over 25 awards for engineering tourism, innovation and design including; 2003 Queen’s Award for Enterprise Innovation Furthermore, the project can make huge profits from the first few months of opening and had recovered the cost (London Eye, 2014). From this show that minimize cost is not always important for business but deliver customer expectation and requirement sometime is more important. The main problem of this project is about lack of managing for future that effects to cost which increases more that it should be. The project manager should concern this point because when one varies in cost, time and quality of project, it will always affect one the others as a whole. 1

Monday, January 20, 2020

gatdream F. Scott Fitzgerald’s The Great Gatsby - The American Dream :: Great Gatsby Essays

The American Dream   The American Dream was the philosophy that brought people to America and to start a new life in a strange, foreign land. Due to this dream, it was believed that America was the land of opportunity, wealth, and prosperity. The dream consists of three components: all men are equal, man can trust and should help his fellow man, and the good, virtuous and hard working are rewarded. F. Scott Fitzgerald’s novel The Great Gatsby is a condemnation of American Society and focuses on its downfall. This holds true for three of the main characters in the novel, Jay Gatsby, Tom Buchanan, and Daisy Buchanan.   To reach his ideal dream of spending his life with Daisy, Jay Gatsby attains his millions in a corrupt way which help him to replace emotions, and tries to cover it up with lies throughout the novel. In order to become rich, Gatsby engaged in illegal occupations such as bootlegging and being involved in the Mafia. â€Å"He and this Wolfsheim bought and sold grain alcohol over the counter.† (Fitzgerald 134). This is the opposite idea of the American Dream, which states that only the good, virtuous and hard working are rewarded. Gatsby also lies his way through life to conceal his wrongdoing. Gatsby claims that he belongs to a rich family whom provides his way to Oxford and from whom he inherits his riches. â€Å"’I am the son of some wealthy people in the Middle West-all dead now.’† (Fitzgerald 65). Only later on in the novel, does Nick uncover the truth that â€Å"his parents were shiftless and unsuccessful farm people...† (Fitzgerald 99). Gatsb y also relies on money to bring him the comfort of family. Gatsby’s musicians sing, â€Å"The rich get richer and the poor get-children.† (Fitzgerald 96). He attempts to reclaim the loss of family that he experiences through his wealth. Nick describes a story about how Gatsby, â€Å"agreed to pay five years’ taxes on all the neighboring cottages if the owners would have their roofs thatched with straw. Perhaps their refusal took the heart out of his plan to Found a Family...† (Fitzgerald 89). Gatsby takes advantage of wealth to solve his problems.   Members of the upper class such as Tom Buchanan, sacrifice morals and righteousness in order to gain wealth. Tom Buchanan is a man from a wealthy family, yet to Nick; he seems to have lost virtue and kindness. gatdream F. Scott Fitzgerald’s The Great Gatsby - The American Dream :: Great Gatsby Essays The American Dream   The American Dream was the philosophy that brought people to America and to start a new life in a strange, foreign land. Due to this dream, it was believed that America was the land of opportunity, wealth, and prosperity. The dream consists of three components: all men are equal, man can trust and should help his fellow man, and the good, virtuous and hard working are rewarded. F. Scott Fitzgerald’s novel The Great Gatsby is a condemnation of American Society and focuses on its downfall. This holds true for three of the main characters in the novel, Jay Gatsby, Tom Buchanan, and Daisy Buchanan.   To reach his ideal dream of spending his life with Daisy, Jay Gatsby attains his millions in a corrupt way which help him to replace emotions, and tries to cover it up with lies throughout the novel. In order to become rich, Gatsby engaged in illegal occupations such as bootlegging and being involved in the Mafia. â€Å"He and this Wolfsheim bought and sold grain alcohol over the counter.† (Fitzgerald 134). This is the opposite idea of the American Dream, which states that only the good, virtuous and hard working are rewarded. Gatsby also lies his way through life to conceal his wrongdoing. Gatsby claims that he belongs to a rich family whom provides his way to Oxford and from whom he inherits his riches. â€Å"’I am the son of some wealthy people in the Middle West-all dead now.’† (Fitzgerald 65). Only later on in the novel, does Nick uncover the truth that â€Å"his parents were shiftless and unsuccessful farm people...† (Fitzgerald 99). Gatsb y also relies on money to bring him the comfort of family. Gatsby’s musicians sing, â€Å"The rich get richer and the poor get-children.† (Fitzgerald 96). He attempts to reclaim the loss of family that he experiences through his wealth. Nick describes a story about how Gatsby, â€Å"agreed to pay five years’ taxes on all the neighboring cottages if the owners would have their roofs thatched with straw. Perhaps their refusal took the heart out of his plan to Found a Family...† (Fitzgerald 89). Gatsby takes advantage of wealth to solve his problems.   Members of the upper class such as Tom Buchanan, sacrifice morals and righteousness in order to gain wealth. Tom Buchanan is a man from a wealthy family, yet to Nick; he seems to have lost virtue and kindness.

Sunday, January 12, 2020

Hesitation of Managed Care to Use Data Mining Essay

One of the biggest hesitations would have to be cost to build an implement such a system. The technique depends on an organization having â€Å"clean† data to analyze, which requires data being scrubbed and moved to data warehouses. Many payers lack the money and manpower to build and maintain these warehouses. (Kongstvedt, P., Capagemini). In addition, internal politics and the numerous constituencies within a managed care organization can make it difficult to focus data mining efforts, says Scott Kozicki. What has changed in this industry to adopt data mining? The demand for more organizations to become more efficient, customers are demanding more and better services in shorter amounts of time. Another change would have to be HIPAA, which stands for Healthcare Information Portability and Accountability Act of 1996, it was a law that has many different facets to it one of which protects your private health information. The standards mandated by HIPAA have made the data â€Å"cleaner† and streamlines the analysis efforts. What complexities arise when data mining is used in health care organizations? One thing that makes data mining in health care organizations complex is just the same as what has helped get it going, HIPAA. Even though it has created standard rules for cleaning data, it requires that you encrypt information being transmitted over the internet, which adds costs to doing so. Some organizations only require it on certain transactions, but some want it done on every transaction. Doing this can increase the cost significantly causing it to raise the costs back up, making it not as feasible to use this practice. Assume you are an employer and that your managed care organization raises your rate based on the results of data mining and predictive modeling software. What are your opinions? What would help make up your mind in regards to adopting these rate changes? My opinion would vary depending on what type of data they were using and where they got the data from, was it from our employees or a group similar to ours. I would be okay with the rate change as long as they could prove they used data from my specific employees and they had significant data supporting their reasons for the increase in rates.

Saturday, January 4, 2020

The Consumer Protection Act - Free Essay Example

Sample details Pages: 9 Words: 2586 Downloads: 9 Date added: 2017/06/26 Category Law Essay Did you like this example? Summary of Chapter 2: The first part of Consumer Protection Act 1987 is implementing the 1985 EC Directive on Product Liability. Section 2 imposes a new statutory liability on the manufacturer of a faulty product which causes physical harm to a person or other property.[1] The 1987 Act imposed strict liability on manufacturers and producers even in absence of a fault on their part. Many authors, academics and jurists welcomed this no-fault liability approach taken as a result of the 1987 Act.[2] The 1987 Act gave the consumers with a new cause of action in the consumer law context which now exists alongside the causes of action in contract law and in the law of negligence. Don’t waste time! Our writers will create an original "The Consumer Protection Act" essay for you Create order Parliament intended to confirm severe consequences for damages caused by defective goods, hence liability is made strict. Although the claimant need not show fault in the manufacturing process or elsewhere, he will have to prove defect in the product and also that this defect resulted in loss to consumer. Therefore, the two basic requirements a claimant will need to prove in order to succeed in recovering compensation from manufacturers are defective product and the causal link between the defect and loss suffered. According to the definition provided for in Section 3(1) of the 1987 Act, a product is defective if its safety is not such as persons can generally expect. Section 3(1) therefore provides a à ¢Ã¢â€š ¬Ã‹Å"consumer expectationà ¢Ã¢â€š ¬Ã¢â€ž ¢ test that has certain gaps. The law does not state the answer as to what a person should generally be entitled to expect. Neither does the 1987 Act provide specific standard against which the conduct of the manufacturer can be mea sured. Clearly, the focus of the test is on personal safety but in the absence of any concentrated treatment as to the standard to be expected from a product. An attempt to construe the term widely has been taken by relevant case laws.[3] But again few cases have been and therefore it cannot be said with confidence that they laid down strong guidelines. Some recent cases have demonstrated reluctance to treat the Section 3 definition broadly.[4] On the substance of obvious vagueness in the meaning of defect in Section 3(1), the 1987 Act makes references to a rundown of variables that must be considered by the Courts while considering the safety of the item. The Court ought to consider the reason for which the item was promoted, directions and warnings, and what may be sensibly anticipated that would be finished with the item and the time when the item was supplied by its maker. The reality in this way remains that a product will not be flawed just if damage results from the produc t. It can likewise be the situation that the components recorded under Section 3(2), can make a perilous item safe for the purposes of the Act.[5] The Court ought to consider the reason for which the product was advertised, guidelines and warnings, and what may be sensibly anticipated that would be finished with the product and the time when the product was supplied by its maker. The actuality along these lines remains that an item wont be blemished just if damages result from the product. It can likewise be the situation that the factors recorded under Section 3(2), can make a faulty product safe for the purposes of the 1987 Act. The issues with the definition of à ¢Ã¢â€š ¬Ã…“defective productà ¢Ã¢â€š ¬Ã‚  are large in number. The Section 3(1) definition is extremely unclear and the consumer might find it complex to fulfil this unspecified test. Section 3(2) might help a manufacturer escape liability even if damages resulted from his products. The buyers may not have the ca pacity to prove by citing using expert evidence that the product was faulty due to the deficiencies of the statutory meaning of defect. There is a lack of authority in case law regarding resolving the issues as very few cases come before the Courts under the 1987 Act. Then again, it can be contended that the issue with the meaning of defective product is decently supported. Risk is strict and henceforth makers will be considered mindful regardless of the possibility that they are not at fault. Section 3 would then aid the manufacturer to demonstrate that the product is not defective according to the prerequisites of law. From this point of view, apparently, the law strikes a parity leaving something for the maker to contend to support them also. On the other hand, remembering the setting of the Act and intention to protect consumers, the risky meaning of defective product ought to offer ascent to concerns which ought to be tended to as needs be. Common law protection Despite t he introduction of strict liability for defective products by the 1987 Act, common-law liability remains. It is not unusual for an injured party to rely on the tort of negligence, for instance in cases where the claimant has exhausted the limitation period or in a case where the damaged property was intended for commercial use. With a specific end goal to profit from such protection it is not sufficient to demonstrate that the product had a defect any longer. The potential claimant must show that the accused maker owed him/her a duty of care, that this duty was breached by not taking reasonable care, and that this breach was the principle or possibly significant reason for the damage. He/she will then need to show that such harm was reasonably foreseeable. As mentioned above, Donoghue v Stevenson made clear that a manufacturer owes a duty of care to the ultimate consumer of his products. In practice, it will be enough for the claimant to adduce sufficient evidence to justify t he inference of the manufacturerà ¢Ã¢â€š ¬Ã¢â€ž ¢s negligence without being required to specify what caused the defect. Damages awarded in a successful negligence claim are generally intended to compensate for any losses incurred by the claimant as a result of the negligently caused defect. Damages are available for death or personal injury caused to the claimant and for damage to his or her property, other than damage to the defective product itself, which is generally not recoverable. Pure economic loss caused by the defect is not recoverable. Although the usual remedy is compensatory damages, exemplary or punitive damages are available in principle when the defendant has shown a deliberate, total disregard for the claimantà ¢Ã¢â€š ¬Ã¢â€ž ¢s rights, in addition to a very high degree of negligence. Having said that, in practice the courts are reluctant to award exemplary damages. Summary of Chapter 3: Although the 1987 Act provisions strict liability on the manufactur ers, it also provides provisions for defences that might be relied upon by the defendants once the claimant proves loss suffered from defective products. The statutory defences are contained in sections 4, 6(4) and 6(5) of the 1987 Act. It can be safely concluded that the only controversial defence under the Act is the defence stated in section 4(1)(e), the other provisions being fairly simple.[6] Moreover, inconsistency in the judicial approach to this defence poses further problem in relation to the defence. As with the meaning of defect, the reported case laws on section 4(1)(e) defence is very few and hence the guidelines have not been so convoluted. Section 4(1)(e) defence is also known as à ¢Ã¢â€š ¬Ã…“development risk defence.à ¢Ã¢â€š ¬Ã‚ [7] Section 4(l)(e) states that it is a defence if the defendant is able show that the state of scientific knowledge at the time that the product was supplied by the defendant was not such as that a manufacturer of similar products mi ght be expected to have discovered the defect. It seems that the language of the defence suggests it would be available when the defect is not noticeable in the context of the knowledge available. Again, this is a very wide defence which might be invoked by any manufacturer. As knowledge of the producer becomes a major factor in this defence, the strict liability element under the 1987 Act gets reduced. This is why the defence is said to be controversial. However, on balance the defence has justification. It only comes into play once defect is proved by the claimant. The burden of proof lies with the defendant to prove this defence and there is a presumption that manufacturers have knowledge of the defect in the product unless proven otherwise. Therefore, it can be argued that it is not an easy defence to successfully plead because of the nature of burden imposed on the manufacturers. Section 4(1)(e) reveals that the 1987 Act has tried to bring subjectivity into the objective nature of the defence originally provided in the Directive. The defence has been tested, however unsuccessfully, in the Court of Justice.[8] The Court of Justice found that the wording of Section 4(1)(e) is not conflicting with the Union methodology and thus the defence under the 1987 Act was found to have been truly authorized. The Court of Justice, be that as it may, kept up that the UK courts would need to approach the defence in accordance with EU law and case laws judged by the Court of Justice. This perspective was accordingly acknowledged and connected in of A and Abouzaid. The defence would not cover a defect of a known character and thus it has very limited implications.[9] Alternate necessities of Section 4(1)(e) has made it an extremely troublesome defence to argue. In any case, Chadwick LJ has kept up that this defence may confine the part of strict product liability.[10] Other case laws held that the defence can only be relied upon in cases where the risk is unforeseeab le risks,[11] and therefore the scope of pleading the defence is very constricted. On parity, regardless of the fact that the defence looks extremely disputable, there are different adjusting components that are portrayed above in light of which it can be contended that the development risk defence wont make any issue in holding the makers strictly liable for defective products. Conclusion: Strikingly little utilization has been made of the Consumer Protection Act 1987 since its sanctioning on March 1, 1988. Regardless of the appearing appeal to consumers of a compensation framework taking into strict liability without flaw, buyers have for the most part decided to benefit themselves of different remedies. An obvious advantage of statutory product liability regime as opposed to negligence-based product liability is that it establishes a strict liability regime and therefore removes the requirement to prove fault in relation to defectiveness of the relevant product. By the b y, in light of the above discussions, it creates the impression that the UK has a successful consumer protection administration at present. By forcing an extremely strict liability initiative for flawed products on somebody who is regarded to be the maker of the item, the law-making body has been fruitful in lessening number of injuries or deaths caused by defective products. The Act gives, or if nothing else, looks to give, a course for the customer to look for change against the individual who is eventually in responsible for the loss suffered. Part I of the Consumer Protection Act 1987, by implementing the EC Product Liability Directive, introduces strict (no-fault) liability for death, personal injury and damage to personal property caused wholly or partly by a defect in any product.[12] Accordingly the Act makes a radical and expansive legitimate administration for product liability and product safety which is essentially vital to protect consumers. From the start, the Act m akes it all that much less demanding for injured parties to bring, and succeed in, pay claims. The rules supplement existing UK civil law on product liability rather than replacing it.[13] For effectively bringing a claim under the 1987 Act, the claimant would need to demonstrate that he has suffered loss and damage that has been brought about by a defect in the product. Along these lines, the importance of defective product has generous significance in this connection and the same has been depicted, however in dubious and loose terms, in Section 3(1) of the 1987 Act that accommodates an extremely wide consumer expectation test. The meaning of à ¢Ã¢â€š ¬Ã…“defectà ¢Ã¢â€š ¬Ã‚  lies in the grey and is neither clear nor straightforward. It is uncertain as to what persons generally are entitled to expect. Despite the fact that A v National Blood Authority has endeavoured to give the term a more extensive significance, the Court of Appeal chose to translate the term prohibitiv ely in Tesco Stores Ltd v Pollard. Additionally, the purchaser may think that it hard to demonstrate to the Courts fulfilment that the item has been defective because of absence of expert evidence. Besides, the factors under Section 3(2) would need to be considered by the Court while surveying the product defect and this may be to some degree worthwhile for the manufacturers who might have the capacity to demonstrate that they have taken steps to minimise or avoid the danger. These encompassing contentions with respect to the test of defective product have made the law in this admiration truly unverifiable that ought to be a matter of concern in the consumer protection context. The alleged development risk defence accessible for the manufacturers under Section 4(1)(e) of the 1987 Act has been termed as a disputable defence by numerous academics, judges and authors.[14] The defence disputably gives procurement to exception from liability of the manufacturers can demonstrate that t he defect was not reasonably discoverable in the light of accessible knowledge. Seemingly, this some way or another undermines the strict liability framework brought into force by the 1987 Act as the defendants knowledge would likewise get to be to a degree significant while deciding their liability. The Act has attempted to bring some subjectivity into the objectivity of the defence initially gave in the European Directive. Then again, three focuses may be raised while supporting this defence. Firstly, the defence is reliable with the soul and intention of the European Directive and this is expressed by the Court of Justice itself.[15] Besides, the defendant bears a substantial burden in the event that he wishes to argue this defence in light of the fact that the assumption is that the maker knows of the defect unless the proved to the contrary. At last, the defence must be argued in appreciation of unforeseeable dangers,[16] known risks are not covered. Henceforth it can be con tended that the development risk defence does not represent any certifiable risk towards the strict liability administration presented under the Act. The success of the claimants in A and Others has come as a welcome confirmation that despite the inclusion of the development risks defence, some of the reforms has been achieved. 1 | Page [1]Jane Stapleton à ¢Ã¢â€š ¬Ã‹Å"Software, information and the concept of productà ¢Ã¢â€š ¬Ã¢â€ž ¢ (1989) 9 Tel Aviv U. Stud. L. 147 [2] Geraint Howells and Mark Mildred à ¢Ã¢â€š ¬Ã‹Å"Infected Blood: Defect and Discoverability A First Exposition of the EC Product Liability Directiveà ¢Ã¢â€š ¬Ã¢â€ž ¢ (2002) 65 Mod. L. Rev. 95 [3]A v National Blood Authority [2001] 3 All ER 289 [4]Tesco Stores Ltd v Pollard [2006] EWCA Civ 393; (2006) 103(17) L.S.G. 23 (CA (CivDiv)) [5] Consumer Protection Act 1987, s 3(2) [6] The Rt. Hon. Lord Griffiths à ¢Ã¢â€š ¬Ã‹Å"Developments in the law of product liabilityà ¢Ã¢â€š ¬Ã¢â€ž ¢ (1987) 12 Holdsworth L. Rev. 1, 13 [7] Simon Deakin, Angus Johnston, Basil Markesinis, Markesinis and Deakinà ¢Ã¢â€š ¬Ã¢â€ž ¢s à ¢Ã¢â€š ¬Ã¢â‚¬Å" Tort Law (6th edition, Oxford University Press 2008) 739 [8]Commission v UK Case C-300/95, [1997] ECR I-2649; [1997] All ER (EC) 391 [9]Richardson v LRC Products Ltd [2000] Lloydà ¢Ã¢â€š ¬Ã¢â€ž ¢s R ep Med 280 [10]Abouzaid v Mothercare (UK) Ltd [2001] All E.R. (D) 2436, CA [11]A v National Blood Authority [2001] 3 All ER 289 [12]Linda Spedding à ¢Ã¢â€š ¬Ã‹Å"New Product Liability and Safety Regime in the UKà ¢Ã¢â€š ¬Ã¢â€ž ¢ (1988) 16 Intà ¢Ã¢â€š ¬Ã¢â€ž ¢l Bus. Law [13]Linda Spedding à ¢Ã¢â€š ¬Ã‹Å"New Product Liability and Safety Regime in the UKà ¢Ã¢â€š ¬Ã¢â€ž ¢ (1988) 16 Intà ¢Ã¢â€š ¬Ã¢â€ž ¢l Bus. Law [14] The Rt. Hon. Lord Griffiths à ¢Ã¢â€š ¬Ã‹Å"Developments in the law of product liabilityà ¢Ã¢â€š ¬Ã¢â€ž ¢ (1987) 12 Holdsworth L. Rev. 1, 13 [15]Commission v UK Case C-300/95, [1997] ECR I-2649; [1997] All ER (EC) 391 [16]A v National Blood Authority [2001] 3 All ER 289