International Journal of Electronic Security and Digital Forensics (10 papers in press)
VolNet: A Framework for Analyzing Network based Artifacts From Volatile Memory
by Nilay Mistry, Mohindersinh Dahiya
Abstract: Volatile memory contains an affluence of information regarding the current state of the running system. Memory forensics techniques inspect RAM to extract information such as credentials, encryption keys, network activity and logs, malware, MFT records and the set of processes, open file descriptors currently executed by the operating system, etc. To achieve retrievability of potential artifacts, a memory dump should be taken prior to shutting down the system. It is the most vital aspect for carving information residing in the volatile memory. A volatile memory dump is used for offline investigation of volatile data. The analysis provides information regarding the activities being performed over the running system. This research focuses on our developed framework called VolNet, through which an investigator can extract and analyze the artifacts related to network communication, social chats, cloud-based artifacts, private browsing and anonymous surfing and other potential artifacts that can be obtained from RAM dumps of live systems.
Keywords: Digital Forensics; Anonymous Surfing; Volatile; Random Access Memory; Credentials; Communication; Private Browsing.
Phishing URL Detection Based Feature Selection to Classifiers
by S. Carolin Jeeva, Elijah Blessing Rajsingh
Abstract: Phishing is an online scandalous act that occurs when a malevolent webpage impersonates a legitimate webpage with the intention of exploiting the confidential information from the user. Phishing attacks continue to pose a serious risk for web users and an annoying threat in the field of electronic commerce. Feature selection is the process of removing unrelated features and thus reduces the dimensionality of the feature. This paper focuses on identifying the foremost features that categorize legitimate websites from phishing websites based on feature selection. In the real world, identifying phishing URL with low computational time and accuracy is very important and thus feature selection is considered in this work. A comparative study is carried out on different data mining classifiers before and after feature selection and the performance is evaluated in terms of accuracy and computational rate. The results indicate that the proposed approach detects phishing websites with considerable accuracy.
Keywords: Web security; Cyber-crime; Phishing; Attribute selection; classification and machine learning.
Model for Digital Evidence Preservation in Criminal Research Institutions PREDECI
by Fernando T. Molina Granja, Glen Dario Rodriguez Rafael
Abstract: This paper presents a model for the preservation of digital evidence in criminal research institutions. The objective of the model is to include features for the admissibility of evidence in court and provide support to fulfill the legal requirements and performance of this sector. This model is based on 14 preservation requirements of digital evidence and its admissibility, which were extracted from the literature review and a series of performance indicators to assess the fulfillment of the proposed goals. In addition to the model, there is an implementation guide based on the OAIS approach, consisting of NESTOR with three levels and eight frameworks, which includes an implementation plan, development plan, and evaluation plan. This is intended for criminal research institutions and can be used as a basis and reference for the preservation of digital evidence enabling them to align with business strategies and meet the needs of the institution. A preliminary assessment is presented for 74 players involved in the process of preservation and admissibility of evidence. This research proposes a framework to continue the preservation of digital evidence, which ensures the better integrity and increases the admissibility of the evidence supported by the techniques of long-term preservation based on the OAIS preservation model.
Keywords: Digital Preservation; Digital Evidence; Digital Repositories; OAIS; Admissibility; Digital Evidence Preservation.
An improved authenticated key agreement with anonymity for session initiation protocol
by Haoran Chen, Jianhua Chen, Han Shen
Abstract: As a lightweight and flexible signaling protocol, session initiation protocol (SIP) has been widely used for establishing, modifying and terminating the sessions in the multimedia environment. The increasing concerns about the security of communication sessions that run over the public Internet have made authentication protocols for SIP more desired. Recently, Lu et al. proposed an authentication scheme for SIP and claimed that their scheme is secure against various known attacks while maintaining efficiency. However, in this paper we will indicate that their protocol suffers from server spoofing attacks and fails to provide mutual authentication as they claimed. Further, we have presented an improved authentication protocol for SIP and proved its security using BAN logic. Through the security and performance analysis, we illustrate that the proposed scheme is more secure and flexible.
Keywords: mutual authentication; session initiation protocol; elliptic curve; key agreement; communication security.
The preservation of digital evidence and its admissibility in the court
by Fernando Molina Granja, Glen D. Rodríguez Rafael
Abstract: This article's objective is to screen and analyse the common models of digital preservation that exist, the elements, the degree of compliance with the general guidelines, the use of techniques and compliance with specific requirements as well as to evaluate the need for a solution to the environment of criminal investigation institutions, in the scenario that lacks a specific model. The importance of the preservation of digital objects is currently heavily analysed. Several aspects may serve to make the digital objects worthless, such as the uselessness of hardware, the deficiency of ancient computing formats to support their use, human errors and malicious software. The majority of crimes currently have a digital component, such that governments and the police are obliged by law to indefinitely hold digital evidence for a case's history. Until the presentation of the digital evidence in court, the evidence must be collected, preserved and properly distributed. The systems currently used often involve multiple steps that do not meet the demands of the growing digital world. The volume of digital evidence continues to grow, and these steps will soon become operationally and economically unfeasible for agencies responsible for performing these tasks.
Keywords: digital preservation; digital evidence; evidence preservation; evidence admissibility; criminal investigations; cybercrime; preservation models; evidence integrity; digital crimes; court cases.
Cryptographic collusion-resistant protocols for secure sum
by Maede Ashouri-Talouki, Ahmad Baraani-Dastjerdi
Abstract: Secure summation is one of the most applicable functions of secure multiparty computation (MPC) in which a group of users securely computes the summation value of their private inputs. The current solutions to this problem are basically based on adding a random number to private inputs or splitting the inputs among users, which need a secure channel among members. Moreover, to be resistant against collusion of n − 2 players, they impose high communication cost. In this paper, we propose three cryptography-based protocols for secure sum that do not need a secure channel and are secure against collusion of n − 2 players. Also, the communication cost of the proposed protocols is of complexity O(n). Based on the privacy requirements, the proposed protocols can provide the final result privacy as well as the private input privacy.
Keywords: multiparty computation; secure MPC; cryptography; data privacy; collusion resistance; collusion-resistant protocols; secure summation; data security; privacy preservation; privacy protection; secure sum.
A new kind of steganography schemes for image
by Zhihai Zhuo, Ning Zhong
Abstract: Message security is more and more important in our modern life. As encryption arouses suspicion easily, steganography, which aims at hiding a secret message in a cover and has little influence on the cover, becomes popular. Many steganography algorithms have been proposed. Most of them are based on binary, but a binary sequence is longer than a ternary sequence of the same decimal sequence. In this paper, to have a shorter sequence to represent the secret message and protect it, we propose a new method to deal with the secret message and get a binary sequence, a ternary sequence and a quaternary sequence. For the ternary sequence and quaternary sequence, we propose a ternary JSteg method and a quaternary JSteg method; this method can keep the histogram characters. So for the same secret message, our method will have less influence on the cover.
Keywords: image steganography; ternary Jsteg; data hiding; dual images; information hiding; watermarking; message security; binary sequence; ternary sequence; quaternary sequence; histogram characters.
Vanishing files: protocols and regulations for immaterial documents
by Rosario Culmone, Maria Concetta De Vivo
Abstract: Regulatory and technological aspects of cloud technology are showing both opportunities and gaps in the rules on security and accessibility. Our proposal aims at addressing a problem that has not yet manifested using a protocol and discussing the normative aspects regarding the possibility of rendering a document completely immaterial. Our article proposes a protocol that uses the network in an unconventional way to make a document fully immaterial. By immaterial we mean that it is not localisable anywhere in its entirety. If we continue the analogy to climate, we want to realise a fog of files rather than a cloud. The files are distributed on a public or private network and only the injectors and extractors can access them. The inaccessibility by others, the non-location, and the dynamics of the system offer significant advantages in terms of security but raise some legal problems.
Keywords: network security; cloud architecture; network protocols; legal aspects; normative aspects; protocols; regulations; immaterial documents; cloud computing; cloud security.
Forensically ready digital identity management systems, issues of digital identity life cycle and context of usage
by Mehrdad Tajbakhsh, Elaheh Homayounvala, Sajjad Shokouhyar
Abstract: Collecting necessary digital and network forensics to prove the identity of an individual who is responsible for a crime, or suspected of a malicious attack, or has used a device during an incident, with minimum doubt to the court or other legitimate organisations based on the digital forensic investigation model is one of the most important legal and security issues of digital identity management systems (DIMSs). Without a good understanding and identification of the most important parameters of DIMS based on the digital forensic investigation model, it is not possible to do digital forensic investigation and provide required evidence. Therefore, the main goal of this paper is to identify and prioritise DIMS parameters by considering a user's digital identity lifecycle, the contexts of usage challenges, and constraints that should be considered in a digital forensic readiness model.
Keywords: digital identity lifecycle; digital IMS; identity management systems; DIMS; digital forensic investigation; forensic readiness; usage context; digital forensics; network forensics; legal issues; security issues.
ASEAN users' privacy concerns and security in using online social networks
by Narumon Sriratanaviriyakul, Mathews Nkhoma, Anna Lyza Felipe, Thanh Kim Cao, Quyen Ha Tran, Roger Epworth, Avinash Shankaranarayanan, Huy Le Quang
Abstract: As the ASEAN consumers are increasingly moving online, the number of internet users according to UBS increase to 32% across the region and 112% penetrated by mobile technology. More than 50% of ASEAN users are participating in online social networks (OSN). This research is to investigate the awareness and influence of security and privacy issues on internet users' trust, and building a safer OSN landscape in the South East Asian region by examining the relationships among online privacy concerns, security, trust, and intention. Using structural equation modelling, the findings show that 'privacy' correlates with 'security' but these two variables do not have significant impact on users' trust. Moreover, only 'trust' and 'security' affect users' intention to use OSN.
Keywords: online social networks; OSN; privacy concerns; network security; trust; ASEAN consumers; privacy preservation; privacy protection; internet users; South East Asia; intention to use; structural equation modelling; consumer behaviour; social networking.