Forthcoming articles


International Journal of Electronic Security and Digital Forensics


These articles have been peer-reviewed and accepted for publication in IJESDF, but are pending final changes, are not yet published and may not appear here in their final order of publication until they are assigned to issues. Therefore, the content conforms to our standards but the presentation (e.g. typesetting and proof-reading) is not necessarily up to the Inderscience standard. Additionally, titles, authors, abstracts and keywords may change before publication. Articles will not be published until the final proofs are validated by their authors.


Forthcoming articles must be purchased for the purposes of research, teaching and private study only. These articles can be cited using the expression "in press". For example: Smith, J. (in press). Article Title. Journal Title.



International Journal of Electronic Security and Digital Forensics (29 papers in press)


Regular Issues


  • Effective Methods to Detect Metamorphic Malware: A Systematic Review
    by Mustafa Irshad, Haider Al-Khateeb, Ali Mansour 
    Abstract: The succeeding code for metamorphic Malware is routinely rewritten to remain stealthy and undetected within infected environments. This characteristic is maintained by means of encryption and decryption methods, obfuscation through garbage code insertion, code transformation and registry modification which makes detection very challenging. The main objective of this study is to contribute an evidence-based narrative demonstrating the effectiveness of recent proposals. Sixteen primary studies were included in this analysis based on a pre-defined protocol. The majority of the reviewed detection methods used Opcode, Control Flow Graph (CFG) and API Call Graph. Key challenges facing the detection of metamorphic malware include code obfuscation, lack of dynamic capabilities to analyse code and application difficulty. Methods were further analysed on the basis of their approach, limitation, empirical evidence and key parameters such as dataset, Detection Rate (DR) and False Positive Rate (FPR).
    Keywords: Metaphoric malware; Malware Detection; Review; Opcode; Control Flow Graph; API Call Graph.

  • A novel smooth texture based visual cryptography approach for secure communication
    by Ram Barik, Sitanshu Sahu, Suvamoy Changder 
    Abstract: This paper proposes a novel encoding technique to encrypt information as a visual object embedded in an image. The textures of the objects are made up of lines to form a geometrical shape. The images of the textures are combined to produce an overt cipher host image which appears as a grid structured image. The cipher host image holds the covert information, which is embedded inside those sub-images or grids as an object in a chaotic pattern. The textures of objects for encoding the information are generated, then reshuffled and arranged to bar it from eavesdropping. For decryption, visual character recognition is applied using an artificial neural network. The reliability of the proposed approach has been illustrated with some empirical examples. The overall cryptography process in a digital image makes it a simple and effective methodology for secure communication.
    Keywords: Grid Structured; Cryptography; Texture; Visual Cryptography; Multilayer Perceptron; Shuffling pattern; RSA; DES (Data Encryption Standard); AES (Advanced Encryption Standard).

  • Implementation of RFID Mutual Authentication Protocol
    by Sivasankaran Kumaravel, Ashik JOJI 
    Abstract: RFID (Radio Frequency Identification): The most flexible auto identification technology has a dereliction in its security. Over the years researchers have worked on the security issue of the long established commonly used Passive UHF RFID tags and have come up with some authentication protocols scorning its hardware implementation. Here a lightweight mutual authentication protocol is implemented in ASIC based on the EPC Class 1 Generation 2 framework released by EPC global, which is the widely used industrial standard for passive UHF RFID communication. We have proposed to incorporate ROM to store message signal, which shows significant reduction in area and power as compared to existing digital baseband architecture.
    Keywords: EPC; security; RFID; LFSR; lightweight; authentication; VLSI; pie decoder; fm0 encoder.

  • Improvement of Signature Scheme Based on Factoring and Chaotic Maps
    by Nedal Tahat, Eddie Esmail 
    Abstract: Chain and Kuo (2013) proposed an efficient signature scheme based on chaotic maps and factorization. Their scheme is secure but requires many keys for signing documents. In this article, we shall propose an improvement of Chain and Kuo's signature scheme. The improved scheme will outperform their scheme in the number of keys.
    Keywords: chaotic maps; digital signature; factorization; cryptography.

  • Certificateless Aggregate Deniable Authentication Protocol for Ad Hoc Networks
    by Chunhua Jin 
    Abstract: Deniable authentication allows a receiver to identify the source of a given message, but cannot prove the source of a given message to any third party. It can be employed in electronic voting (e-voting) systems, electronic tendering (e-tendering) systems and secure networks negotiation. These applications can be well realized in ad hoc networks. Therefore, deniable authentication is an essential security requirement for ad hoc networks. Aggregate deniable authentication is a method for combining n authenticators of n distinct messages from n distinct users into one single authenticator. This feature is very attractive in bandwidth-limited ad hoc networks. In this paper, we present an efficient certificateless aggregate deniable authentication protocol. Our protocol is based on certificateless public key cryptography that has neither the public key certificates management problem in traditional public key infrastructure (PKI) cryptography nor the key escrow problem in identity-based cryptography. The security of our protocol can be proven in the random oracle model under the bilinear Diffie-Hellman (BDH) and computational Diffie-Hellman (CDH) problems. In addition, our protocol adopts aggregate verification that can speed up the verification of authenticators. Our protocol is very suitable for ad hoc networks.
    Keywords: Ad hoc networks; Deniable authentication; Aggregate; Certificateless cryptography; Random oracle model.
    DOI: 10.1504/IJESDF.2018.10010114

  • An efficient certificateless aggregate signature without pairing
    by Yunyun Qu 
    Abstract: An aggregate signature scheme enables an algorithm to combine n signatures of n distinct messages from n users into a single short signature. The resulting aggregate signature can convince the verifier that the n users indeed sign the n messages. Since it greatly reduces the total signature length and verification cost, this primitive is useful especially in environments with low-bandwidth communication, low storage and low computability. The notion of certificateless public key cryptography, which eliminates the use of certificates in certified public key cryptography and the key-escrow problem in identity-based cryptography, was introduced. In this paper, we present the first certificateless aggregate signature scheme which is immune against bilinear pairings and has the advantages of both aggregate signatures and certificateless cryptography. Without the heavy computation of bilinear pairings, our proposed scheme is efficient and practical in both communication and computation for many-to-one authentication. The scheme is also proven existentially unforgeable against adaptive chosen-message attacks under the hardness of breaking the elliptic curve discrete logarithm problem.
    Keywords: Certificateless public key cryptography; aggregate signature scheme; discrete logarithm problem (DLP); Random oracle model.

  • Secure and Efficient Authentication Scheme for Access Control in Mobile Pay-TV Systems
    by Hang Tu, Jingsong Cui 
    Abstract: The increasing ubiquity and use of mobile devices enable them to access television programs through Mobile Pay-TV (MPTV) systems. To achieve secure communication in MPTV systems, authentication schemes for access control in these systems are needed. Recently a One-To-Many Authentication (OTMA) scheme that guarantees secure communication in MPTV systems was proposed. However, it was found by other researchers that such a scheme could not resist the impersonation attack and could not provide mutual authentication. As a result, a new OTMA scheme was proposed and it was claimed that OTMA could solve the security weaknesses of the OTMA scheme. We demonstrate that the new OTMA scheme cannot resist the impersonation attack and cannot provide mutual authentication. To mitigate these major security weaknesses, we propose a new OTMA scheme. A security analysis of our proposed OTMA scheme demonstrates that it can overcome the security weaknesses of the previously proposed OTMA scheme and improved its performance.
    Keywords: Authentication; anonymity; impersonation attack; mobile pay-TV; security.

  • Attribute-Based Encryption Supporting Data Filtration over Post-Quantum Assumptions
    by Jiao Chunhong 
    Abstract: As the internet becomes prevalent, plenty of sensitive data is being transferred in open network environments. It is worth concerning how to achieve efficient data transfer in a privacy-preserving manner. Although attribute-based encryption (ABE) can achieve fine-grained access control over encrypted data, it still could not work for restricting unauthorized users' access. In this paper, we introduce a new cryptographic primitive called attribute-based encryption supporting data filtration (ABE-SDF), and formalize the security mode by incorporating the advantages into previous ABE. Finally, we present an efficient construction of the scheme over post-quantum assumptions; our scheme is believed to be quantum-resistant owing to the special property of lattices. Based on the LWE assumption, we prove that the proposed scheme has the indistinguishability against selective chosen plaintext attacks and the authentication information security.
    Keywords: ABE; Data Transfer; LWE; Post-Quantum.

  • Video Steganalysis to Obstruct Criminal Activities for Digital Forensics: A Survey
    by Mukesh Dalal, Mamta Juneja 
    Abstract: Steganography is the method to hide information in a carrier whereas steganalysis is the procedure to discern the presence of the information hidden in a carrier. Steganography is used for secure communication but these techniques can also be used by terrorists or criminals for camouflage communications. So the techniques for steganalysis are becoming more significant nowadays. The significance of steganalysis techniques that can precisely detect the existence of secret data in a video is increasing nowadays as there is evidence found that terrorist groups are using video steganography to communicate. So, for national security, it is required to gather adequate evidence of the existence of secret data embedded and interrupt the communication. This paper intends to present some of the evidence of the use of steganography by terrorists and criminals with a survey of existing video steganalysis techniques and also discuss some of the open challenges in this field.
    Keywords: Steganography; video steganalysis; spatial domain; transform domain; compression; motion vector; motion estimation; inter-frame prediction; intra-frame prediction; classifier.

  • LSB Based Audio Steganography preserving Minimum Sample SNR
    by Mohammed Nasrullah 
    Abstract: Steganography is the art of hiding secret data in other data. Audio steganography is a technique for hiding information in an audio signal. One of its methods is least significant bit (LSB) coding. The proposed system embeds bits in LSBs while keeping the minimum signal to noise ratio (SNR) for each sample as required. This method gives the maximum possible number of embedding bits, and increases the security by keeping secret the minimum required sample SNR. Also, the length of the required audio carrier to embed the message changes according to the minimum required sample SNR.
    Keywords: Audio steganography; Data hiding; Least significant bit (LSB); Signal to noise ratio (SNR); Minimum sample SNR.

  • A Comparative Forensic Analysis of Privacy Enhanced Web Browsers and Private Browsing Modes of Common Web Browsers
    by Ryan Gabet, Kathryn Seigfried-Spellar, Marcus Rogers 
    Abstract: Growing concerns regarding internet privacy have led to the development of enhanced privacy web browsers. The authors conducted a digital forensic examination, to determine the recoverable artifacts, of three enhanced privacy web browsers (Dooble, Comodo Dragon, Epic) and three commonly used web browsers in anonymous browsing mode (Chrome, Edge, and Firefox). In addition, the authors compared two digital forensic tools (FTK, Autopsy) commonly used by law enforcement to determine differences in recoverable browser artifacts. Results indicated the enhanced privacy browsers performed about the same as the common browsers in anonymous browsing mode. In addition, FTK was the better tool for recovering and viewing browser artifacts for both browser groups. Overall, this study did not produce sufficient evidence to conclude that enhanced privacy browsers do indeed provide better privacy.
    Keywords: Privacy Browsers; Internet Artifacts; Digital Forensics; FTK; Anonymous.

  • Optimized Elliptic Curve Digital Signature on NIST Compliant Curves for Authentication of MANET Nodes
    by Raj Kamal Kapur, Sunil Kumar Khatri, Lalit Mohan Patnaik 
    Abstract: Secure routing protocols for Mobile Ad hoc Networks (MANETs) use digital signatures based on Rivest, Shamir and Adleman (RSA) for authentication of routing messages, which increases computational and communication overheads. Elliptical Curve Digital Signature (ECDSA), on the other hand, uses much shorter keys to provide the same level of security as that of RSA. This results in smaller signatures, lower computational load, less memory and power requirements which are crucial to MANET nodes. The ECDSA however has a characteristic that the signature generation is very fast as compared to that of the RSA algorithm but the verification of the signature takes much longer time due to complex arithmetic operations in the underlying finite prime field. Optimization of point operations and scalar multiplication operations have been proposed for accelerating the key generation, signature generation and verification processes. The acceleration of the signature verification process has also been proposed by carrying out simultaneous multiplication of two points using Joint Sparse Form (JSF) of scalars. It has been compared with the verification process of ECDSA signatures using the sequential mixed Jacobian-Affine wNAF scalar multiplication method. The proposed algorithm has been software implemented by writing the code in Java using the BigInteger class on a Linux platform for National Institute of Standards and Technology (NIST) compliant curves. The proposed composite method has accelerated the signature verification process of ECDSA by approximately 27% over the sequential mixed Jacobian-Affine wNAF scalar multiplication method of verification.
    Keywords: ECDSA; Elliptic Curve; MANET; Digital Signature; Node Authentication; Secure Routing Protocol.

  • A New Diffusion and Substitution based Cryptosystem for Securing Medical Image Applications
    by Mancy Lovidhas, Maria Celestin Vigila 
    Abstract: Due to the rising privilege for tele-health facilities have sophisticated responsiveness in the usage of medicinal image safeguard proficiency. It mainly compact with patient records that are secretive and must only be available to a legal person. So the medical image safety becomes a very significant problem when patient evidence is conveyed through the public network. In this paper, a secret key of 128-bits size is generated by an image histogram. Initially, the photo sensitive feature of the Digital Imaging and Communications in Medicine image is decomposed by the mixing process. The resulting image is distributed in key reliant blocks and further, these blocks are passed through key reliant diffusion and substitution processes. A total of five rounds are used in the encryption method. Finally, the generated secret key is embedded within the encrypted image in the process of steganography. This also enhances the security of the proposed cipher. At the receiver side the secret key was recovered from the embedded image and the decryption operation was performed in inverse format. Performance analysis designates that the proposed cipher is more secure.
    Keywords: Diffusion; Substitution; Histogram; Encryption; Steganography.

  • Energy Deviation Measure: A Technique for digital Image Forensics
    by Surbhi Gupta, Neeraj Mohan, Parvinder Singh Sandhu 
    Abstract: Digital image forgery and its forensics have emerged as a significant research domain. Digital forensics is required to examine the questioned images and classify them as authentic or tampered. This paper aims at image tamper detection using a novel Energy Deviation Measure (EDM). The EDM is a measure of deviation in pixel intensity with respect to its immediate and distant neighbourhood. It is extracted by measuring the interpixel intensity difference across and inside the DCT block boundary of a JPEG image. Features from EDM have been used for the classification of the authentic and tampered images. Support Vector Machine is used for image classification. The experimental results have shown that the proposed method performs better with fewer dimensions as compared to other state of the art methods. It gives improved accuracy and area under curve while classifying images. It is robust to noise and JPEG image compression quality factor.
    Keywords: Energy Deviation Measure; Image tampering; Copy Move forgery; Image splicing; Image forensics; Compression artifacts.

  • ArMTFr: A New Permutation-Based Image Encryption Scheme
    by Hassan Elkamchouchi, Wessam Salama, Yasmine Abouelseoud 
    Abstract: In this paper, a new image encryption scheme named (ArMTFr) is proposed. An image is encrypted using a combination of keyed permutations and substitution, where a fractal is XORed with the scrambled image. Fractal images are employed in order to improve the performance of the encryption scheme from the viewpoint of randomization and to increase the encryption key space, thus boosting its security. The employed permutations are the Arnold map and Mersenne-Twister's permutation algorithm. Before the encryption process starts, histogram equalization is used to enhance the contrast of the image by transforming the intensity values in it, so that the histogram of the output image approximately matches a uniform histogram. First, grayscale images are considered and then the basic algorithm is extended to handle colored images. Three representations for colored images are considered: RGB, YCbCr and HSI color spaces. The security of the algorithm is enhanced in this case by applying RGB color channels multiplexing. The experimental results show that the encrypted image has low correlation coefficients among adjacent pixels and a good histogram distribution, as well as resistance to various attacks.
    Keywords: Correlation; Image Encryption; Histogram Equalization; Pixel Permutation; Arnold Map; Fractals.

  • A New Scheme of Preserving User Privacy for Location-Based Service
    by Xiaojuan Chen, Huiwen Deng 
    Abstract: Individual privacy has been a great concern to users who need the location based service by networked devices such as smart phones and personal computers. Usually, the provider who can provide a location based service is regarded as semi-trusted or honest-but-curious. It leads to tremendous harmfulness for users who request this service because the dishonest service provider leaks the users' personal information. To preserve user privacy, we propose a scheme which achieves user privacy information including location, identity, and domain, while the user can still obtain the required service from a service provider. For the sake of less computational time and minimal computer power, only symmetric key cryptography is employed in our system. This scheme is secure by our security analysis, and is feasible through our imitating implementation. Compared with related schemes, our scheme can provide sufficient property to meet our requirements. To the best of our knowledge, this is the first privacy preserving scheme for all privacy information of a user rather than the location privacy only as the previous literatures.
    Keywords: Preserving Privacy; Security; Confidentiality.

  • Drone Forensics: Examination and Analysis
    by Farkhund Iqbal, Benjamin Yankson, Babar Shah, Maryam Ahmed AlYammahi, Naeema Saeed AlMansoori, Suaad Mohammed Qayed, Thar Baker 
    Abstract: Unmanned Aerial Vehicles (UAVs), also known as drones, provide unique functionalities, which allow area surveillance, inspection, surveying, unarmed cargo, armed attack machines, and aerial photography. Although drones have been around for some time, mass adoption of this technology is new. The technology is widely adopted in fields including law enforcement, cartography, agriculture, disaster monitoring, and science research. Due to vulnerabilities, and the lack of stringent security implementation, drones are susceptible to GPS spoofing attacks, integrity attacks and de-authentication attacks. These attacks can allow criminals to access data, intercept the drone, and use it to commit a crime and complicate forensic investigation. The need for standardized drone forensics is imperative in order to help identify vulnerabilities in different models of drones, solve drone related crime, and enhance security, thwarting any anti-forensic measure by criminals. Thus, this paper is presented to report on potential attacks against the Parrot Bebop 2 drone, and the ability for an investigator to collect evidence about the attacks on the drone. This paper aims at examining the possibility of establishing ownership and collecting data to reconstruct events, linking the drone controller with the drone to prove ownership, flight origins and other potentially useful information necessary to identify the proprietor of a crime. In addition, we have also proposed a small-scale drone ontology for modeling drone context data, and a simple forensic processing framework for small-scale drones.
    Keywords: digital forensics; investigation; drone security; drone attack; context data; drone ontology.

    by Fernando T. Molina Granja, Glen D. Rodriguez Rafael, Raul Marcelo Lozada Yanez, Edmundo Bolivar Cabezas Heredia 
    Abstract: The model to evaluate is a model for the preservation of digital evidence-based institutions of criminal investigations where it is essential to preserve evidence that has characteristics of the environment with the purpose of increasing the rate of admissibility of the evidence in court. This article aims to evaluate the model and its impact in terms of security, admissibility, and long-term preservation characteristics. We respond to the following research question: Does the model, implemented in a software application for a case study, raise the admissibility of digital evidence in court? Thus, a software application is developed, the unit of study is defined, and the results are analyzed. The study determined that the model, when implemented properly and following the guidance of implementation of the model, raises the admissibility of digital evidence in court.
    Keywords: PREDECI; assessment models; admissibility; digital evidence; guide implementation.

  • Combating credit card fraud with online behavioral targeting and device fingerprinting
    by Othusitse Seth Dylan Phefo 
    Abstract: Billions of dollars are lost due to credit/debit card fraud every year. This trend has been going up despite the evolution of several fraud detection techniques that are applied to many business fields to try and stem the tide. Fraud detection involves, among other things, the monitoring of customers' credit card usage patterns in order to notice any changes that might reflect fraud and use such information to stop the transaction before any loss is realized, or to inform the customer of suspicious activity in their accounts. There are many existing fraud detection techniques employed by card issuers and researchers, but they seem not able to stem the tide. Online advertising companies employ a number of groundbreaking technologies to send targeted advertising to internet users among them Online Behavioral Targeting (OBT) and Device Fingerprinting (DF). These technologies are able to track and profile internet users up to the level of what device they are using and what they are most likely to purchase. In this paper we propose a novel Fraud detection framework that uses Online Behavioral Targeting (OBT) Data and Device Fingerprinting (DF) to improve the efficiency of an existing Fraud Detection System (i.e. the fusion approach using Dempster-Shafer theory and Bayesian learning). OBT and DF provide massive insights into our online behavior and can be used to pinpoint fraudsters as well as know shopping patterns of credit card users.
    Keywords: Fraud Detection; Security; Information Security; Dempster-Shafer Adder; Behavioral Targeting.

  • Information Security Model using Data Embedding Technique for Enhancing Perceptibility and Robustness
    by Sunil Moon 
    Abstract: Information concealing using steganography is simple but to maintain its security, perceptibility, robustness, embedding capacity and good recovery of both cover as well as secret data are the major issues. This paper is focused on the improvement in all these major issues. The proposed technique embedded the secret image and audio as secret data into the randomly selected frames of video using Multi Frame Exploiting Modification Direction (MFEMD) algorithm. Hence it is very difficult to understand in which part of video, data is hidden. At the receiver end we have used the forensic tool for authentication to improve data security. Our simulation results are found to be better than any other existing methods in terms of Peak Signal to Noise Ratio (PSNR), Mean Square Error (MSE), Correlation Factor (C.F), good visual recovery of both original video and secret data, hiding capacity of secret data, security of secret data. Different types of attacks are applied on stego video during transmission like visual, chi-square, histogram, etc. to improve the perceptibility and robustness of secret data.
    Keywords: MFEMD; Audio Video Crypto-Steganography; Information security; CF; Attacks.

  • A Novel Median Filtering Forensics Based on Principal Component Analysis Network
    by Xian Wang, Bing-Zhao Li 
    Abstract: As an important issue of forensic analysis, median filtering detection has drawn much attention in the decade. While several median filtering forensic methods have been proposed, they may face trouble when detecting median filtering on low-resolution or compressed images. In addition, the existing median filtering forensic methods mainly depend on manually selected features, so these methods may not adapt to varieties of data. To solve these problems, convolution neural networks have been applied to learn features from the training database automatically. But the CNN-based method trains slowly and its parameters are hard to select. Thus, we proposed a PCANet-based method. And we test our trained model on several databases. The simulation shows that our proposed method achieves better performance, and trains much faster than the CNN-based method.
    Keywords: median filtering; blind forensics; principal component analysis; neural network.

  • A Novel Authentication Scheme for Anonymity and Digital Rights Management Based on Elliptic Curve Cryptography
    by Cheng-Chi Lee, Chun-Ta Li, Zhi-Wei Chen, Shun-Der Chen, Yan-Ming Lai 
    Abstract: Due to the rapid development of computer science and associated technologies, various text documents, multimedia data, software and many other forms of contents are now created, stored, and processed digitally, and almost all traditional contents of special value such as paper documents, music or video tapes, and a lot more, if possible, have also been digitized and managed digitally. As the Internet makes data transmission easy and fast, digital contents of all kinds can be spread all over the world at a shocking speed. Along with such amazing swiftness and convenience, however, modern computer and communication technologies have also brought various kinds of issues associated with digital rights management. Digital rights management (DRM) systems are access control technologies used to restrict the use, modification, and distribution of proprietary hardware and copyrighted works. Now, in view of modern people's heavy dependence on their mobile devices, we consider it a good idea to design a DRM scheme on the basis of elliptic curve cryptography (ECC) because ECC is a very good mobile device level security tool. In this paper, we shall review Amin et al.'s 2016 scheme and point out some security weaknesses we have found. Then, with the security flaws mended, we shall propose an improved ECC-based protocol for DRM that is especially suitable for applications on mobile devices.
    Keywords: Biometric; Digital rights management; ECC; Mobile device; User’s anonymity.

  • Malware Detection Model Based on Classifying System Calls and Code Attributes: A proof of Concept
    by Malik Saleh 
    Abstract: The process of malware detection involves static code analysis and dynamic analysis. Both methods have limitations. This research tried to bridge the gap between the two methods by dynamically predicting the risk before the static analysis. The proof-of-concept examined the code of known malwares and concluded that five characteristics of the code will predict the risk of any executable file, namely, the system function, encryption, code obfuscation, stalling code, and checking for the debugger environment. The proof-of-concept validates the effectiveness of the model. It shows 96 percent success and limited false-positives results.
    Keywords: Malware; Malware detection; System Calls; Classifying system calls; static analysis; dynamic analysis.

  • Evaluation of Smartphone Data using a Reference Architecture
    by Heloise Pieterse, Martin Olivier, Renier Van Heerden 
    Abstract: The 21st century is continuously witnessing the growth and evolution of smartphone technology. Central to this evolution is the use of popular smartphone applications. The frequent use of smartphone applications by people for everyday activities allows for the creation and storage of large quantities of smartphone data. Smartphone data is susceptible to change and can be compromised by anti-forensic tools, malware or malicious users. It is, therefore, important to establish the authenticity of such data before forming any conclusions. The first step to establishing the authenticity of smartphone data is to acquire a better understanding of the expected behaviour of smartphone applications. This paper introduces a reference architecture for smartphone applications, which captures the architectural components and models the expected behaviour of smartphone applications. An experiment conducted to examine the smartphone data of Android's default messaging application indicates that the reference architecture can assist digital forensic professionals in identifying authentic smartphone data.
    Keywords: Digital Forensics; Smartphone Forensics; Smartphones; Authenticity; Reference Architecture; Android; iOS; Applications.

Special Issue on: CCC 2016 Cybersecurity in the Connected World

  • Information Security Model Using Decision Tree for Jordanian Public Sector
    by Omar Arabeyyat 
    Abstract: The rapid evolution of technology has created new services and introduced changes to the traditional style of delivery and dissemination. Organizations all over the world are trying to adapt e-services to reduce cost and enhance the quality of their e-services. To upgrade its services, the Jordanian government has introduced an e-government model, but a major obstacle has interrupted their introduction of the model. Specifically, the government had key issues with its information system security (ISS). While the development of the model happened in a rapid manner, the government's implementation and management of the laws and regulations did not happen at the same speed. The reason behind that is that as a third world country, Jordan does not have the budget to implement security culture and related management tools. Hence, this study investigates and builds a security model for an information security system for the Jordanian public sector. It also investigates the effect of the implementation of King Abdullah II model for excellence on Jordanian public sector. To build security culture and awareness, the study uses a decision tree ID3 (Iterative Dichotomiser 3) classifier. The study concludes that following best practice and security policy are the main factors that drive the performance of the security model for public sector organizations in Jordan.
    Keywords: Artificial intelligence; decision tree ID3; information security; leadership; public sector; awareness and training; best practice; security policy.

  • Should We Be Afraid of Cyber-Terrorism?
    by Julian Droogan, Lise Waldek 
    Abstract: This article explores the extent to which we should fear cyber-terrorism through providing a review of scholarship and debates over the nature of cyber-terrorism, in particular speculation about its future affordances. It questions whether terrorists have ever really been able to weaponize the Internet much beyond using it as an effective communication tool, thus greatly reducing the likelihood of direct Internet facilitated terrorism. First, the history of warnings regarding the imminent threat posed by the Internet of becoming weaponized is presented, even though these warnings have tended to fail to materialize into reality. It is argued that speculations by individuals within the academic and policy community have failed to be borne out in practice largely because the Internet has instead been used less as a weapon by terrorists and more as a sophisticated communication tool. It continues by posing a series of questions regarding online audiences that are in need of future research if we are to better understand the role of the Internet in spreading and supporting violent extremist discourse and cultivating terrorism. The most important question involves a better understanding of the role of audiences as autonomous agents in navigating, reacting and responding to online violent extremist materials.
    Keywords: Cyber-terrorism; Online radicalisation; audience reception theory.

  • Disclosure of Cyber Security Vulnerabilities: Time Series Modelling
    by MingJian Tang, Mamoun Alazab, Yuxiu (Andrea) Luo, Matthew Donlon 
    Abstract: Cybercriminal use of the Internet continues to grow and poses a serious threat to individuals, businesses and governments. Software vulnerabilities represent a main cause of cybersecurity problems. Every day security engineers deal with a flow of cyber security incidents that are increasing. Effective management of software vulnerabilities is imperative for modern organisations regardless of their size. However, the vulnerability management processes tend to be more reactive in nature; relying on the publication of vulnerabilities, creation of signatures, and the scanning & detection process before control mitigations can be put into place. A forecasting model of the anticipated volume of future disclosures that leverages the rich historical vulnerability data will provide important insights to help develop strategies for the proactive management of vulnerabilities. This study is the first to discover the existence of volatility clustering in the vulnerability disclosure trend. Through our novel framework for statistically analysing long-term vulnerability disclosures between January 1999 and January 2016, the result shows that our model can predict the likelihood that software contains yet-to-be-discovered vulnerabilities and be exposed to future threats such as zero-day attacks. Such knowledge could be potentially an important first step in crime detection and prevention and improve security practices.
    Keywords: Cyber security; cybercrime; risk analysis; vulnerability disclosure; time series; volatility; Generalised Autoregressive Conditional Heteroskedasticity.

  • A Security Framework for Node-to-Node Communications based on the LISP Architecture
    by Mohammad Muneer Kallash, Mahdi Aiash, Jonathan Loo, Aboubaker Lasebae 
    Abstract: The Locator/ID Separation Protocol (LISP) is a routing architecture that provides new semantics for IP addressing to support communications between peripheral networks of different technologies. Securing the LISP architecture has been investigated in the literature, while securing communications in peripheral networks is left to individual technologies. The authors advocate the need for a comprehensive solution for secure communication based on LISP. Therefore, the paper introduces a new node-to-node authentication and key agreement protocol. The protocol is formally verified using a formal method based on Casper/FDR. Furthermore, the paper demonstrates how to integrate the proposed protocol with existing LISP's security mechanisms in the form of a security framework.
    Keywords: Authentication and Key Agreement Protocols; Node-to-Node; Formal Verification; Location/ID Split Protocol.

  • Black hole attack evaluation for AODV and AOMDV routing protocols
    by Abdelwadood Mesleh 
    Abstract: A mobile ad hoc network (MANET) is a collection of independent mobile nodes (MNs). MANETs communicate with each other by establishing a multi-hop radio network. Because of their popularity, security becomes a main challenge due to their characteristics. Protecting their network layer from malicious attacks is one of the main challenging security issues; many of those attacks are reported on Ad-hoc On Demand Distance Vector (AODV) and Ad hoc on-demand multipath distance vector routing (AOMDV) protocols. Black hole attack (BHA) is among the serious attacks, in which wireless packets are redirected to a specific fake MN; actually, the fake MN does not exist in MANETs and it is similar to the black hole (BH) in the universe in which things disappear. This fake MN attacks other MNs as it presents itself in such a way that has the shortest path. This paper aims at investigating the security of the network layer of MANETs: it addresses the security issues of AODV and AOMDV to provide secure communication between MNs in MANETs, studies the impact of BHA on the performance of AODV and MAODV in terms of throughput, end-to-end delay and packet delivery ratio using network simulator version 2 (NS-2), and compares the resiliency of these routing protocols against BHAs. Simulation results revealed that AOMDV is more resilient against BHAs as it is able to easily find alternative routes to destination MNs.
    Keywords: Black hole attack; AODV; MANETs; Intrusion detection; ad hoc network security.