Trusted Platform Module (TPM)

Trusted Platform Module (TPM) Trusted Platform Module (TPM) is a term used to define a chip or microcontroller. This chip or microcontroller can be placed into a motherboard configuration such as devices like mobile devices, or a personal computer (PCs). The requirements and application was presented and established by the Trusted Computing Group (TCG), to deliver a solution where a reliable and genuine relationship exists amongst hardware and software configurations. This facility was executed through cryptographic and hashing algorithms. Additional, TPM offers remote confirmation, a verification and authentication process for other third party software. TPM is a global standard for a protected crypto processor, which is a devoted microcontroller or chip intended to protect hardware by joining cryptographic keys into devices. TPMs technical requirements were established and written by TCG and launched in 2003. TCG was created as a nonprofit from inception and known to have brands like Microsoft, IBM, Intel, and Hewlett-Packard as clients. TPM just as well as others has flaws, and suffers from attacks. These attacks include offline dictionary and OIAP attacks; nevertheless, when joined with other endpoint control systems like multifactor authentication, network access control, and malware detection, TPMs contribution to a sound security platform is valid. (Sparks, 2007) This survey is a complete review of research conducted on TPM, its components, mechanisms, application, and authorization protocols. Furthermore, a description of some common attacks to which TPM has been a victim will be presented. Finally, more recent and future implementations will be discussed, such as the incorporation of TPM within mobile and smart devices and even within cloud computing. First, it is important to start with an overview of the TPM specification, its components, and its purpose. The TPM background section discusses in some detail an overarching summary of TPM. This will include what the motivations and advantages are to using TPM as well as how the different types of keys function. Also discussed is the evolution of TPM over time in how it functions in both its hardware encryption but also its capabilities. 2.1 TPM Summary A Trusted Platform Module (TPM) is a cryptographic coprocessor that replaced smart cards in the 1990s and then became present on most commercial personal computer (PCs) and servers. TPMs are almost ubiquitous in computer hardware and typically not seen by users because of the lack of compelling applications that use them. However, this situation has changed effective with TPM version 1.16 by adding the Federal Information Processing Standards (FIPS) bit which is a static flag that verifies if the device or firmware the TPM is attached to is FIPS 140-2 cryptographic module compliant. This compliance is then registered by the consolidated validation certificates granted when FIPS 140-2 is validated and are then registered and published at NIST as public record listed alphabetically by vendor located at http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401vend.htm. (TCG FIPS 140-2 Guidance for TPM 2.0, ver 1, rev.8, 2016) Therefore, the line of thinking of TPM has increasingly becom e one of importance and an essential ingredient to cryptographic defense community whom are required to prove their FIPS 140-2 compliance. However, this was not always the case since security was not a mainstream issue in the early years of the Internet. 2.2 Motivation to use TPM The motivation for TPM began decades after the advent of what is known as the Internet. From the creation of Advanced Research Projects Agency (ARPA) in 1969 it took almost nineteen (19) years for us to become aware of the first known exploit called the Internet Worm in 1988. (Pearson Education, Inc., 2014) Until this time the focus had always been on the development of the computer with no security hardware and software that was easy to use. There was a real concept of information security threats. However, in the 1990s there was the concept of the potential of commerce the Internet would have and the need to secure the PCs that would exchange with that commerce. This prompted many computer engineers to convene and form and develop the first TPMs which became known to be as the Trusted Computing Group (TPM: A Brief Introduction, 2015). A main objective of this group was a cost effective approach to create a hardware anchor for PC system security on which secure systems could be buil t. This first resulted in a TPM chip that was required to be attached to a motherboard and the TPM command set was architected to provide all functions necessary for its security use cases. 2.2.1.Evolution TPM has evolved considerably over the years to become the trusted platform it is today. The earlier TPM 1.2 standard was incorporated into billions of PCs, servers, embedded systems, network gear and other devices, the evolving Internet of Things and increasing demand for security beyond traditional PC environment led TCG to develop a new TPM specification, which recently was adopted as an international standard ISO/IEC 11889:2015. For more flexibility of application and to enable more widespread use of the specification, TCG created TPM 2.0 with a library approach. This allows users to choose applicable aspects of TPM functionality for different implementation levels and levels of security. Also, new features and functions were added, such as algorithm agility, the ability to implement new cryptographic algorithms as needed (Trusted Platform Module (TPM): A Brief Introduction, 2015). ISO/IEC 11889-1:2015 ISO/IEC 11889-1:2015 defines the architectural elements of the Trusted Platform Module (TPM), a device which enables trust in computing platforms in general. Some TPM concepts are explained adequately in the context of the TPM itself. Other TPM concepts are explained in the context of how a TPM helps establish trust in a computing platform. When describing how a TPM helps establish trust in a computing platform, ISO/IEC 11889-1:2015 provides some guidance for platform requirements. However, the scope of ISO/IEC 11889 is limited to TPM requirements (Trusted Platform Module (TPM) Summary, 2008). 2.3 TPM Working Functionality The TPM (Trusted Platform Module) is a computer chip (microcontroller) that can securely store artifacts used to authenticate the platform on a PC or laptop. These artifacts can include passwords, certificates, or encryption keys. A TPM can also be used to store platform measurements that help ensure that the platform remains trustworthy. This is critical because Authentication and attestation are necessary to ensure safer computing in all environments. Trusted modules can be used in computing devices other than PCs, such as mobile phones or network equipment (Trusted Platform Module (TPM) Summary, 2008). . Figure 1: Components of a TPM 2.3.1 Hardware-based cryptography This cryptography makes certain that the data stored in hardware is guarded against malicious threats such as external software attacks. Also, many types of applications storing secrets on a TPM can be developed to strengthen security by increasing the difficulty of access without proper authorization. If the configuration of the platform has been altered as a result of unauthorized activities, access to data and secrets can be denied and sealed off using these applications. TPM is not responsible for control of other proprietary or vendor software running on a computer. However, TPM can store pre-run time configuration parameters, but it is other applications that determine and implement policies associated with this information. Also, processes can be made secure and applications such as email or secure document management. For example, if at boot time it is determined that a PC is not trustworthy because of unexpected changes in configuration, access to highly secure applications can be blocked until the issue is remedied. With a TPM, one can be more certain that artifacts necessary to sign secure email messages have not been affected by software attacks. And, with the use of remote attestation, other platforms in the trusted network can make a determination, to which extent they can trust information from another PC. Attestation or any other TPM functions do not transmit personal information of the user of the platform. 2.3.2 Capabilities TPM can improve security in many areas of computing, including e-commerce, citizen-to-government applications, online banking, confidential government communications and many other fields where greater security is required. Hardware-based security can improve protection for VPN, wireless networks, file encryption (as in Microsofts BitLocker) and password/PIN/credentials management. TPM specification is OS-agnostic, and software stacks exist for several Operating Systems. 2.4TPM Components Trusted Platform Module (TPM) is the core component of trusted computing. TPM is implemented as a secure hardware chip and provides the hardware Root of Trust. TPM has been designed to provide trusted computing based on Trusted Computing Group (TCG) specifications. TPM functions can be implemented either in hardware or software. A secure cryptographic chip (Figure 2) can be integrated on the motherboard of a computing device according to TPM 1.2 specifications (Angela, Renu Mary, Vinodh Ewards, 2013). Figure 2: A TPM 1.2 Chip (Source http://www.infineon.com) A logical layout of the TPM is represented below (Figure 3) along with the TPM components. Figure 3: TPM Component Diagram (Zimmer, Dasari, Brogam, 2009) Information flow is managed by the I/O component through the communication bus. The I/O component handles routing of messages to various components within the TPM and establishes access control for TPM functions and the Opt-in component. The non-volatile memory in the TPM is a repository for storing the Endorsement Key (EK) and the Storage Root Key (SRK). These long-term keys are the basis of key hierarchy. Owners authorization data such as password and persistent flags are also stored in the non-volatile memory (Trusted Computing Group, 2007). Platform Configuration Registers (PCR) are reset during power-offs and system restarts and can be stored in volatile or non-volatile region. In TPM v 1.1, minimum number of registers that can be implemented is 16. Registers 0-7 are allocated for TPM usage leaving the remaining registers (8-15) to be used by operating system and applications (Angela, Renu Mary, Vinodh Ewards, 2013). In TPM v 1.2, number of registers can be 24 or more and categorized as static PCRs (0-16) and dynamic PCRs (17-22). The Program Code, also known as Core Root of Trust for Measurement (CRTM) is the authoritative source for integrity measurements. Execution engine is responsible for initializing TPM and taking measurements. The execution engine is the driver behind the program code. RNG (Random Number Generator) is used for generating keys, nonce creation and to fortify passphrase entropy. The SHA-1 engine plays a key role in creating key Blobs and hashing large blocks of data. TPM modules can be shipped with various states ranging from disabled, and deactivated to fully enabled. The Opt-in component ensures the state of TPM modules during shipping. The RSA engine can be used for a variety purposes including key signing, encryption/decryption using storage keys and decryption using EK. The AIK (Attestation Identity Key) is an asymmetric key pair typically linked to the platform module that can be used to vouch for the validity of the platforms identity and configuration. The RSA key generation engine are used for creating symmetric keys of up to 2048 bits. 2.5 TPM Keys TCG keys can be categorized as signing or storage keys. Other key types defined by TCG are Platform, Identity, Binding, General and Legacy keys (Trusted Computing Group, 2007). Signing keys can be classified as general purpose keys and are asymmetric in nature. Application data and messages can be signed by the TPM using signing keys. Signing keys can be moved between TPM devices based on restrictions in place. Storage keys are asymmetric keys and primarily used for encrypting data and other keys as well as for wrapping keys. Attestation Identity Keys (AIK) are used for signing data pertaining to the TPM such as PCR register values. AIK are signing keys that cannot be exported. Endorsement Key (EK) is used for decrypting the owner authorization credentials as well as cryptic messages created by AIK. EK is not used for encryption or signing and cannot be exported. Bind keys (symmetric keys) come in handy to encrypt data on one platform and decrypt it on a different platform. Legacy keys can be imported from outside the TPM and used for signing and encrypting data. Authentication keys are responsible for securing the transport sessions related to TPM and are symmetric in nature. Endorsement Key (EK) in the TPM plays a critical role to maintain system security. TPM uses a private key EK to generate other keys which are bound to a specific EK. EK should be secured and protected from being compromised. A 160-bit AIK authentication value is necessary to use the AIK by TPM (Sparks, 2007). The parent key used for generating other keys should be loaded first and authenticated by users before TPM can load all other keys. The EK is unique to the TPM and embedded within the tamper resistant non-volatile memory (Angela, Renu Mary, Vinodh Ewards, 2013). Public EK is used for creating AIK certificates and during the process of encrypting data within the TPM. The private key pair of EK is not touched when generating signatures. Multiple AIKs can be stored within a TPM to ensure anonymity between various service providers requiring proof of identity. AIK keys should be stored in secure external storage (outside the TPM) to make them persistent. AIKs can be loaded on to th e volatile memory in the TPM when in use. TPM has a Storage Root Key which stays persistent. Keys are not stored permanently in TPM due to limited storage space. A brief description of the process involved in key generation, encryption, and decryption in TPM is outlined below (Osborn Challener, 2013). A new RSA key is generated by the TPM when a key creation request is initiated by a software. TPM concatenates a value to the RSA key, appends authorization data and then the data is encrypted using the public section of the Storage Root Key and sends an encrypted blob to the requested software. A request is sent for the key to be retrieved from the blob storage when requested by the software program. TPM uses the Storage Root Key for decryption and validates the proof value and password before loading the key into TPM memory. This loaded key is referred to as the parent key and can be used for subsequent key creation forming key hierarchies. The TMP security section discusses in some detail the various ways in which security is implemented and vulnerable. TPM authorization protocols in both version 1.2 and version 2.0 are addressed. Several examples of different types of TPM vulnerabilities are outlined as well as ways to verify the integrity of the system to protect against this vulnerabilities and what the future holds for TPM. 3.1 TPM Authorization Protocols TPM 1.2 Authorization The basic definition of TPM authorization is the process of verifying that software is allowed to use a TPM key. For TPM 1.2 this process is accomplished by utilizing a couple basic commands in an authorization session; typically using passwords or values stored in the Platform Configuration Registers (PCRs) which are referred to as authorization data. The three types of authorization sessions for TPM 1.2 are: Object Independent Authorization Protocol (OIAP), which creates a session that allows access to multiple objects, but works only for certain commands; Object Specific Authorization Protocol (OSAP), which creates a session that can manipulate only a single object, but allows for new authorization transfer; and Delegate-Specific Authorization Protocol (DSAP), which delegates access to an object without disclosing the authorization data (Nyman, Ekberg, Asokan, 2014). Commands are then used to manipulate the keys within an authorization session. Software can prove that it is trusted by sending a command which includes the password hash to verify it has knowledge of the password. Also the locking of non-volatile random-access memory (NVRAM) to PCRs and particular localities is utilized for two different authorizations; one for reading and one for writing. While effective, these authorization mechanisms created a relatively rigid authorization system which make it difficult to administrate the sharing of TPM keys and data (Osborn Chaneller, 2013). 3.1.2 TPM 2.0 Authorization The implementation of TPM 2.0 on the other hand, takes a couple different approaches by introducing enhanced authorization (EA). EA takes methods from the TPM 1.2 authorization methods and improves upon them by incorporating features mentioned in Table 1 below. Table 1. TPM 2.0 Authorization Feature Description Passwords in the clear Reduces overhead in environments where the security of hash message authentication (HMAC) may not be feasible due to its extra cost and complexity HMAC key In some cases when the software talking to the TPM is trusted but the OS is untrusted (like in a remote system), it could be useful to use HMAC for authorization the same way as used in TPM 1.2 Signature methods Allows IT employees to perform maintenance on a TPM by authenticating using a smart card or additional data such as a biometric fingerprint or GPS location. This ensures that passwords cant be shared or compromised by unauthorized users and that an additional verification check is conducted PCR values as a proxy for system boot state If the system management module software has been compromised, this prevents the release of the full-disk encryption key Locality as a proxy for command origins Can be used to indicate whether a command originated from the CPU in response to a special request. Time Can limit the use of a key to certain times of the day Internal counter values Limits the use of an object so that a key can only be used a certain number of times indicated by an internal counter Value in a non-volatile (NV) index Use of a key is restricted to when certain bits are set to 1 or 0 NV index Authorization is based on whether the NV index has been written Physical presence Requires proof that the user is physically in possession of the platform (Table created with information from (Arthur, Challener, Goldman, 2015)) These features can be combined to create more complex policies by using the logical operators AND or OR which allows for the creation of policies to include multifactor/multiuser authentication of resources, limited time constraints for resources, and/or revocation of resources. (Arthur, Challener, Goldman, 2015). 3.2TPM Vulnerabilities When ranked against other standards, TPM comes in as highly secure but that isnt to say that it is immune to all attacks. There are several vulnerabilities that can allow an attacker to circumvent TPMs level of security. The sections below explain a few vulnerabilities that attackers can use to exploit TPM, and the mitigation techniques one could deploy to manage the risk. Dictionary Attack TPM authorization relies on a 20-byte authorization code that is sent by the requestor which if not properly locked down can result in an attacker guessing their way past the authorization. TPM issues guidance on how best to mitigate and prevent these attacks; however, the guidance is not very detailed and rather leaves the specifics up to the implementer. For example, one could implement a design that has TPM disable further input whenever it encounters more than 3 failed attempts. This would effectively prevent online dictionary attacks and has the added benefit of also preventing Denial-of-Service attacks. Weve spoken about preventing online dictionary attacks but where the threat truly comes into play is with an offline-based attack. This vulnerability comes into play when the authorization code is easily guessable, or in other words, poorly implemented. An attacker could observe a given command, the associated Key-Hash Message Authentication Code (HMAC) sent by the requestor and finally, the TPM response back. Since the HMAC is created from the authorization code, session handle and nonces; an attacker can utilize a dictionary attack to try different nonces and authorization codes with the given HMAC algorithm. A match would then provide the attacker with the correct authorization code. This offline attack bypasses TPMs lockout policy and though the attacker but sift through the random nonces and authorization codes, the method is a viable means of attack because it can be reasonably executed given the availability of time and computing resources. The mitigation for this comes down t o proper configuration and ensuring that the authorization code is not easily guessable. DRAM Attack Though this attack is not directly against TPM, it is worth mentioning as it is a viable way to circumvent TPMs security authorization protocols. TPM maintains its keys within non-volatile memory within the TPM component; however, when these keys are pulled by a requestor or requesting application, they are stored within Dynamic Random Access Memory (DRAM). It is well known that one can easily exploit DRAM to extract valuable information (keys, passcodes, etc) with this even being demonstrated against Microsofts BitLocker encryption utility. During reboot, Windows would load the encryption keys stored within TPM into DRAM, prior to even prompting the user. Given this, an attacker could go in and dump the raw memory to an external device, obtain the keys, then utilize those keys to decrypt the disk. This flaw enabled attackers to gain access to data on stolen laptops, even with full disk encryption. This hits on how a system is designed and ensuring that every detail is accounted for. Even if your system has a TPM, it is only going to be as secure as the weakest component within the overall system. OIAP Replay Attack Replay attacks are a method used by many attackers across a multitude of systems. TPM is no exception and is vulnerable to replay attacks based on several characteristics. First, a TPM Object-Independent Authorization Protocol (OIAP) session can be left open for an indefinite period. The authorized session is only closed by the requestor whenever an abnormal message is received and finally, the HMAC that wraps the message can detect alterations to the message but cannot distinguish between a deliberate alteration and a simple network error. For example, an attacker would first capture a requestors authorized command for later use. The attacker then sends an abnormal message to the requestor which then fools it into resetting the session. The requestor is unable to distinguish between the abnormal message and a network error so no concern is raised. Since there is no concern, the TPM keeps the authorized session open, allowing the attacker the ability to replay the previously captured command through the open session. This could lead to the attacker being able to corrupt or even overwrite a subsequent command issued by the requestor. The TPM would not be able to notice this type of attack which is truly concerning based upon the foundational principles of TPM and its assurance of being able to detect unauthorized modifications to data. 3.3TPM Attestations Attestation is the method a platform uses to prove to another platform that it is in a particular configuration by using a digitally signed set of cryptographic hash values which creates a trust between platforms (Fisher, McCune, Andrews, 2011). The network server first creates a cryptographic random value (used to prevent replay attacks) called a nonce, which is then sent to the client. Software on the client then sends the nonce to the TPM and specifies an identity key. The TPM hashes the PCR values along with the nonce and then signs the hash with a private key. The client software sends this back to the server which then verifies the platform configuration by comparing the public portion of the identity key. This process provides hardware-based assurance that software on these platforms has not been modified. (Osborn Chaneller, 2013). Figure 5 provides a visual representation of attestation as provided by (Osborn Chaneller, 2013) Figure 5: Attestation In order for the attestation process to be valid however, it must be able to be proven that the TPM values from the client are not being spoofed. This can be accomplished using a couple of key components: attestation identity keys (AIK), which are created by the TPM and securely stored on disk before being reloaded into volatile TPM memory; endorsement keys (EK), which are hardcoded by the manufacturer into the TPM chip; and a privacy certificate authority (CA), which is a third-party validation entity. The first step of this process occurs when the public half of the AIK and EK is sent to the CA. The CA then uses the public EK certificate to verify that the request comes from a valid TPM by comparing it to a list of all valid TPM manufacturers public keys. The CA then puts the public AIK in a certificate and encrypts it with the public EK. This ensures that the only party that can decrypt it is the computer with the AIK of the corresponding TPM, thus confirming that the TPM from the requesting platform is trusted, and therefore, the attestation method is trusted as well. (Uppal Brandon, 2011). 3.4Application of TPM With the ever-evolving landscape of technology, there is an increased need for faster, more reliable and more secure methods of protecting private and personal data. TPM is a product of those evolving requirements and has thus been incorporated into many different sets of applications. This section will expand upon those sets of applications and delve into how TPM is utilized within the industry today. Encryption One of the most popular uses of TPM is to ensure the confidentiality of user data by providing full encryption capabilities for disks and file systems. The full disk encryption utilizes symmetric encryption with a key created from the users supplied passcode and used during the initial configuration and system boot. This protects against the loss of the disk drive and serves to facilitate disposal or repurposing of the drive since deleting the keys will result in the drive being wiped. The same method is utilized for the encryption of file systems and can be done so to protect specific nodes. Policy Enforcement With Bring-Your-Own-Device (BYOD) policies becoming more and more prevalent within the commercial businesses, TPM has found a use as a policy enforcement mechanism for remote access. TPM can be used to establish trust and verify a devices integrity before allowing remote connection to an organizations intranet. This utilization of TPM is comprised of a series of hashes that measure the predefined sequence of code loads, starting with the boot of the BIOS through the loading of the applications. The chain of hash measures are then compared to the stored value in order to validate the systems integrity. This is very useful for establishing the base operating environment and developing a baseline with which access control policies can be developed. Password Protection TPM protected storage provides a method of storing encryption/decryption keys as well as providing utility management of user passwords. Typically, the password manager retrieves the then encrypted password from TPM, decrypts it, and then sends it to the client application for validation. Since the passwords are usually sent to the client applications over plain-text, this is a serious vulnerability in which TPM can provide a solution for. Using the 20-byte authorization code, a TPM object is created for each user password with this then being saved in the objects authorization field. To verify a password, an application would need to send an OIAP request to access the TPM object. TPMs response to this request would indicated whether the password was correct or not. As a plus, this serves as both password storage and verification with the password never being sent to the application thus eliminating the vulnerability associated with plain-text. 3.5TPM Future TPM is compatible with many hardware and software platforms in use in todays commercial markets and is already in use by several major business functions, to include: Banking, E-Commerce, Biometrics and even Antivirus applications. Looking forward, TPM will play an even bigger role in the evolving mobile market, providing more enhanced security for cell phones, GPS tracking systems, tablets and more. TPM can be used to secure the Mobile Operating System (OS) from being modified by attackers and can be used to further secure authorized access by implementing a hard-coded digital signature solution. For GPS devices, TPM can be used to protect against the modification of system defined location parameters, thus preventing an attacker from adjusting those parameters to satisfy their ends. The biggest constraint facing TPMs implementation within the mobile realm is the space and power constraints on mobile devices. Research is being done on whether a mobile instantiation of TPM should be based on firmware, software or even hardware. A hardware implementation would be the most secure; however, the firmware-based option will likely prove to be the best approach as it will balance the security of the device with the size limitations. TPM is also being looked at with regards to providing security enhancements for cloud-based services. Cloud computing has migrated most of the standard desktop to a virtual and remotely

Characteristics of a close relationship

Characteristics of a close relationship PSYCH/220 – Positive Psychology: What's Right with me August 17, 2014 It is safe to say as I move along and our population grows we meet new and interesting people every day. Whether we encounter people on the subway, buses, or elevators we form a bond with people even if all we have in common is taking the same train or bus at the same time every day.These situations build comfort and security, the more and more we see each other eventually It would become a dally outing and a friendship or acquaintance can be formed. As stated In chapter 1 1, an intimate relationship does not mean it Is physical or has the potential to become physical; an intimate relationship is structured by six components, an intimate relationship Is formed by Knowledge, Trust, Caring, Interdependence, Mutuality, and commitment. A perfect example for me of this relationship is the one I share with my father.I am 26 years old now and I have been married since I was 2 0 and I have two beautiful boys, and everything I set a new goal and challenge and I accomplish It I hank my dad because I feel he made me the man I am today. Growing up I was a bit difficult and to be quite honest I did not have much of a relationship with my dad, I was always well defended by my mom and I usually always stuck with her. My father was born on Dominican Republic, so his way of living and ways of being where different from what I seen here with my friends and even on Television.Since he had his way and I felt his way was a bad one we never seen eye to eye and we were choices in life, I noticed his happiness, then I started to realize that my father Just anted the best for all his kids, Just that his methods for expressing himself and actions where outdated. I turned over a new leaf with my dad, I consider my father my superhero, my mentor and best friend especially when I had kids of my own. I realized as a father everything my father did for me and my sibling to path the way for us to succeed.An intimate relationship relies on Knowledge, The knowledge of mutual understanding based on self-disclosure which consists on revealing personal details f one's self to another. My father and I have reached, when I am in need of advice or help he speaks from experience, tells me if he had ever experienced a particular situation and how he responded to it. Aside from knowledge we must have Trust, in this case is the security that no harm will be done. I trust my father to give me advice and criticism which will better myself and with my best interest at heart.Now as a father I would assume that possessing the characteristics of caring should be unsaid cause it is a father son relationship, however in reaching a new level of appreciation for my dad I have realized that I not only care for my dad as my father but as a person, as another human being. I care for him because he cares for me and my children; he continues to be a great father and even better gran dfather. These are Just a few of the many characteristics that my intimate relationship with my father consists of. Every day I am grateful to have established this level communication, comfort, and trust with one another.

Philippine President Benigno Simeon Essay

Philippine President Benigno Simeon C. Aquino delivered his sixth State of the Nation Address on Monday, July 29, 2015 at the Batasang Pambansa in front of joint session of the Upper and Lower House of the country’s Legislative Branch of Government. Some students will surely give their reaction paper with the Pres. SONA as part of their assignment. The State of the Nation Address (SONA) of President Benigno S. Aquino started at around 4:00 PM (PST) and concluded after two hours and 15 minutes. The SONA 2015 is one of the highly anticipated date of the administration, as the head of state reports his accomplishments and plans for the country. During the entire SONA, the President received a total of .. rounds of applause. President Aquino started his Sixth SONA by issuing an apology that the traditional processional walks was not made because Main Topics for Discussion: Blaming the Previous Administration: President Aquino once again blamed the previous administration of former President Gloria Macapagal Arroyo mentioning the problems he inherited during his earlier days as President such as the NBN ZTE Deal, Hello Garci controversy, questionable bank accounts of Jose Pidal, Maguindanao Massacre, MWSS Bonuses and the NFA anomalies. Highlighting the Achievement of His Cabinet Members: The President applauded the members of his Cabinet for an excellent jobs as members of his Daang Matuwid program. He showcased the achievements of his administration in transportation and communications, tax/revenue, labor and wages, international relations, education, budget and finance, peace, social welfare, justice, calamity and disaster preparedness, national security, economy, infrastructure, governance and reform. Pres. Aquino lauded Commissioner Kim Henares for her tax reforms mentioning the 380 cases filed against tax evaders. The collections of the BIR also went up to P1.3 trillion and this year 2015, the BIR collection went up to P1.5 trillion. Manufacturing & Unemployment: Pres. Aquino stated that there’s a 3% average growth in the manufacturing  sector from 2001-2009 but under his administration from 2010 to 2014, the manufacturing sector grew by 8%. The unemployment rate of the Philippines also dropped to 6.8% last year and considered as the lowest ever recorded in a decade. 4Ps and the Education Sector: Pres. Aquino highlighted the ‘Pantawid Pamilyang Pilipino Program’ or 4Ps which now have 4.4 million beneficiaries from 786,523 in 2010. In 2008, there were 2.9 million out of school youth in the country. In 2013, only 1.2 million out of school youth remained. On education sector, PNoy said that Alternative Learning System helped to ensure that even indigenous peoples and street children are not left behind. The requirements for the K to 12 programs – backlogs of 66,800 classrooms, 145,827 teachers, 73.9 million textbooks already provided. For TESDA program of the government, studies show that 71.9% [of TESDA graduates] found employment right away, compared to the 28.5% recorded before. Health and Social Welfare: Around 89.4 million Filipinos are already member of the Philhealth program of the national government and beginning in 2014, the poorest 40 percent of the population were treated in public hospitals for free. In social welfare, PNoy said that in the Sitio Electrification program, 25,257 sitios out of 32,441 were served. Aviation & Transportation Sector: In aviation, ICAO lifted the safety concerns it imposed to the Philippines in 2013. The EU Air Safety Committee lifted the travel ban in all local carriers. For the unresolved problem on Metro Rail Transit (MRT), Aquino said plans of purchasing of new MRT train coaches. Armed Forces of the Philippines: In the Armed Forces of the Philippines (AFP) modernization, the government has plan to buy 2 more C-130. There will be additional 6 landing craft utilities and 3 C-295 medium lift transport. President Aquino mentioned the PNP’s project such as their Capability Enhancement Program of which 2,523 patrol jeeps and 577 utility vehicles were purchased. Important Bills and Legislations: Pres. PNoy wish to pass the Bangsamoro Basic Law and his interest on the controversial Anti-Dynasty Law which received the loudest applause from SONA expectators. When he mentioned his interest on Anti-Dynasty Law, it received the loudest applause from SONA expectators. â€Å"Panahon na para ipasa ang isang Anti-Dynasty Law.† PNoy also thanked Congress and Senate for other bills and acts such as Philippine Competition Law, Sin Tax Reform Act and Responsible Parenthood Act. The president also thanked officials of the government for their contributions, sacrifice and wellspring of inspiration to the nation. He lauded Interior and Local Government Secretary Mar Roxas for his contributions to Daang Matuwid. Pres. Aquino ended his speech with the following statement â€Å"Simula pa lang ito. [Palakpakan] Nasa unang yugto pa lang tayo ng dakilang kuwento ng sambayanang Pilipino. Sa gabay ng Panginoong Maykapal, at sa patuloy nating pagtahak sa Daang Matuwid, lalo pang tatayog ang mga pangarap na maaabot natin. Lalo pang lalawak ang kaunlarang tinatamasa natin. Nasasainyo pong mga kamay ang direksiyon natin. Magandang gabi po sa inyong lahat, maraming salamat sa inyong lahat po.† Reactions to President Aquino’s SONA: President Aquino missed so many important topics during his last and final SONA, the entire SONA centered on his administration’s accomplishment and giving credits to his partners on his â€Å"Daang Matuwid.† Some of the important issues that the President failed to mention during his sixth SONA are the following, the controversial PDAF issue, the Mamasapano Massacre, the expansion of Chinese territories in the West Philippine Sea and the Freedom of Information Bill to name a few.

Case Study Essay on Nursing Informatics

Case Study Essay on Nursing Informatics Case Study Essay on Nursing Informatics Nursing Informatics in today’s Healthcare Delivery System: This paper highlights the essentiality of informatics processes and technology in informatics in enhancing the safety of patients and summarizes nursing research that is relevant to the matter. The paper makes use of numerous material most of which is current to highlight the importance of informatics in improving health care. The author arranges the information logically, first by defining and describing the key aspects of the article, as well as, key terms. The information is seen as largely accurate and valid as it is cited correctly fro current materials and arranged in a manner that supports the topic and purpose of the article. The conclusions of the paper are based on most of the information cited in the main body of the paper. The recommendations are deducted from the analysis of the information presented and, therefore, are believable to a certain level. One of the things that reduce the level of accuracy of the conclusions of the author is that he introduces new materials at the conclusion level and that makes the conclusion less valid. Though the author might have included this new citation to support the conclusions he draws, it would have been more accurate if the conclusions and recommendations were entirely drawn from the body of the paper. The purpose of this article was to utilize an approach that was qualitative in exploring perceptions in nursing of the effects of health information system utilization in the work place. To achieve its purpose, the research utilized three institutions in National healthcare Group. It also involved seven nurses and interviews. The researchers provided a brief overview of the major aspects of the study which was supported by a number of current studies and literature. The literature is current and well cited and the information is arranged in a manner that is logical. It is highly probable that the information is accurate and valid as it is cited from current material. The authors get their conclusions from a careful analysis of the results of the study. The conclusions and the recommendations of the study, therefore, are believable as one can follow and make sense of them from the methods, results and analysis of the interviews carried out in the study. There are a number of limitations, however, that the study presents. For instance, study was small and, therefore, it is impossible to generalize the results of the study to represent a larger population. Additionally, the quality of the article is determined largely by the skills of the researchers. As it follows, the outcomes might not be wholly accurate or valid. The validity of the truth of the results is also doubtful as the researcher asked the participants sensitive questions regarding HIS and its barriers and effects. However, the study is essential as it gives the audience a first- hand opinion of the users of health information systems and the kind of effects it has on health care, and qu ality of outcomes in patients. The purpose of this article id to look at the level at which Canadian medical institutions have adopted health informatics and the impacts the informatics have on health delivery. The author basis her arguments on a number of materials most of which are current. This indicates that the accuracy of her deductions is assured. Additionally, the work is properly cited and, therefore, it can be thought of as valid. The author introduces the article by giving to her audience the main perspective and focus of the paper. Additionally, the author also carries out her own surveys to add on to the information derived from the literature. The conclusions of the study are made after the careful analysis of the results of the survey and after the careful study of the literature. Though the article is of uttermost importance to the nursing industry, it also poses a number of limitations. The study makes conclusions about Canada and, therefore, the recommendations can only be made about Canada and c annot be generalized with a larger population. This paper is a systematic literature review that seeks to explore the current, available studies that indicate whether the nursing population in the US today, other than the current graduates, have the required, sufficient knowledge and competencies to utilize knowledge in informatics and skills to enhance the advancement of practice based on evidence and utilization of electronic systems of medical records effectively and associated technologies. The author uses articles derived from the period between 1999 and 2006. The currency of the articles he chooses to use in the literature review indicates that the information displayed in the article is current and valid. The information is also properly cited and referenced to indicate that it is accurate; the author arranges the information logically by first defining the main aspects of the subject matter. The author makes several conclusions all of which are based on the information obtained from the literature reviewed. The author does not include any other information that is not priory highlighted in the reviewed literature. There are some limitations in the article nevertheless. For example, the author highlights four different limitations that he deems are the contributing factors to the incomplete study and research if the clinical population. The author does not show how he came with these conclusions. It is not clear that his recommendations are backed up with evidence or they are just personal recommendations. However, the study is extremely significant in today’s health care as they highlight the areas in need of improvement when it comes to nursing informatics in providing health care. The article can be used in the making of the concepts paper as it can be used to help nurses improve their informatics knowledge by highlighting areas of need. The article discusses the importance of electronic health records in improving the kind of health care hospitalized patients get in hospitals. The article also shows how essential it is for nurses to use sources of electronic documentation as it is the only relevant and meaningful way of majority of the essential information about their patients. The article draws a lot of its information from numerous articles and other materials that are logically organized. The material the article draws its evidence from seem appropriate for the subject are, therefore, appropriate. The cited materials help the authors discuss and show the relevant aspects of electronic documentation and its implications. Additionally, the authors carry out their own studies which involve an integrative review of the available literature and the examination of the associations between the quality of health care and electronic documentation. The study does this by following the quality framework by Donabedian. The general discussions and summary of the article are used by the authors to provide an essential overview of the conclusions that article draws. They also could be highly useful to support the conclusion in the research paper. The paper, however, had one significant limitation and that is the researchers did not seek to answer the question, ‘how does electronic documentation aid nurses in delivering quality health care?’ the study did also not evaluate the outcomes of the patient. These limitations, however, can be used as new topics for future research whereby researchers in the future can find out from nurses how electronic documentation help in improving delivery of health care so as to obtain and define variables for evaluating some outcomes in patient health. This source is extremely essential because it provides one with the essential information on how health care can be improved. This is one way that one can come up with recommendations of how today’s he alth care can be improved and enhanced. Are you ready to pay for custom case studies written by highly qualified writers? Dont hesitate to contact our company right now!

Germanys Surrender in WWI essays

Germanys Surrender in WWI essays Germany both at home and working in the army were spiralling down hill fast, even though the government was hiding the worst of the war under its belt. The German people had suffered immensely throughout the war because of the British blockade. Food riots had broken out in some major towns and cities and thousands of workers had gone on strike for the high cost of living. During the harsh and terrible conditions of the trenches of the Western Front something else swept through the trenches other than the normal bugs. It was called the Spanish Flu it hit the Western Front in 1918 and was as deadly as the Plague. It often killed its victims within just hours of the first signs of infection. Of course this did not go down to well with the soldiers in the trenches as u can imagine. Killing each soldier one after another and not particularly helping the German Army. Erich Ludendorff was Germany's chief strategist during World War I. He believed that Germany needed to concentrate on both land and sea warfare to defeat Britain. He led and unrestricted submarine war on Britain, which was largely responsible for the entrance of USA into the war. With the aid of the United States, the Allies were able to defeat the Central Powers and defeat Germany. In October 1918 United States President Woodrow Wilson demanded an unconditional surrender from Germany. Ludendorff opposed and then later resigned. On November 11, 1918, at 5:00 am the Allied and German delegates signed an armistice on terms made up by the Allies, at 11:00 the same morning hostilities on the western front came to an end. The end of the war on the 11th hour of the 11th day of the 11th month of 1918. The Germans had surrendered. ...

Lesson 4.3 -Outlines Essay Example | Topics and Well Written Essays - 500 words

Lesson 4.3 -Outlines - Essay Example The topic on climate change is growing with each day; this is due to the adverse effects felt in regions that are worse hit by the problem, resulting into drought unpredictable rainfalls poor harvests for some regions and poor air quality resulting from pollution. Thesis statement: This paper will aim at solving the problem of climate change through going through the progress of the problem, its origin and giving suggestions as to how the problem can be fixed and its effects eradicated from the face of the earth. This is not a new topic; hence, some reference will be given from already existing contributions made towards fixing the problem. This is the unpredictable weather patterns as to what has been observed over long periods. The various aspects of human life that have and are still contributing to climate change necessitate this. However, some groups and scientists are of the opinion that climate change is not manmade and that it is part of normal changes within the solar system. This paper will provide evidence that climate change is manmade and can be controlled. Climate change did not exist in the early days; this problem was realised not long ago through the effects it portrayed. Climate change and pollution of the environment have a direct link to each other, hence it is right to say climate change is a result of pollution and that human beings or manmade activities result in pollution of the environment. That translates to the fact that climate change is manmade. There are gases that are released into the atmosphere as a result of human activity through burning of fossil fuels that end up polluting the air and causing effects such as warming around the world that ends up melting the ice caps. This is finally manifested through flush floods and rise in sea levels having negative impact on the people living near large water bodies. As it is indicated through the paper, climate change is as a result of human

1-Why is the GLOBE Study so important to the development of Assignment

1-Why is the GLOBE Study so important to the development of multicultural studies2- How can you develop Cultural Intelligence (CQ) Is CQ related to Emotional Intelligence (EQ) - Assignment Example The GLOBE study is significant in the development of multicultural studies since it relies on support from cultural scholars like Hofstede, Schwartz, and Smith. We can develop cultural intelligence by being curious and interested in different cultures. Devising learning strategies and finding entry points into new cultures develops cultural intelligence (Rasmussen, 2014). Developing awareness about issues relating to other cultures also develops cultural intelligence. Embracing cultural diversity and accepting people from different cultures develops cultural intelligence (Rasmussen, 2014). Developing awareness on my bias towards other cultures helps one to avoid cultural ignorance. Believing in one’s ability to adapt to culture helps in understanding different cultures that defines cultural intelligence (Rasmussen, 2014). Evidently, cultural intelligence relates to emotional intelligence in that emotional intelligence is one of the components of cultural intelligence (Earley & Mosakowski, 2004). Other components of cultural intelligence include cognitive and physical intelligence. Moreover, emotional intelligence factors that relate to social competence define cultural intelligence. As such, specific aspects of emotional intelligence relate to certain cultural intelligence factors (Earley & Mosakowski,