International Journal of Electronic Security and Digital Forensics (5 papers in press)
- A method for forensic artifact collection, analysis and incident response in environments running Session Initiation Protocol (SIP) and Session Description Protocol (SDP)
by Vasilios Katos, Ioannis Psaroudakis, Panagiotis Saragiotis, Lilian Mitrou
Abstract: In this paper we perform an analysis of SIP, a popular Voice over IP (VoIP) protocol and propose a framework for capturing andrnanalyzing volatile VoIP data in order to determine forensic readiness requirements for effectively identifying an attacker. The analysis wasrnperformed on real attack data and the findings were encouraging. It seems that if appropriate forensic readiness processes and controls arernin place, a wealth of evidence can be obtained. The type of the end user equipment of the internal users, the private IP, the software that isrnused can help build a reliable baseline information database. On the other hand the private IP addresses of the potential attacker even duringrnthe presence of NAT services, as well as and the attack tools employed by the malicious parties are logged for further analysis.
Keywords: Network forensics, SIP, VoIP Forensics, Intrusion Detection Systems (IDS)
- Symmetric Key Management for Mobile Ad hoc Networks using Novel Secure and Authenticated Key Distribution Protocol
by Anand Jegatheesan
Abstract: The wireless nature of communication and lack of security infrastructure raises several security problems in MANET. So, security routing is essential for Mobile Ad hoc Networks. A number of routing methods have been proposed for security routing. The key idea in our algorithm is to explore key authentication at the time of key sharing. Authentication is performed for key distribution and communication. This paves an integrity and authenticity. Collisions of source and destination nodes are reduced and Internal and external attacks are overcome using less cryptographic techniques with less computation steps. Confidentiality is achieved by encrypting the keys. A novel symmetric key sharing method is proposed which emphasizes the efficient and secure key sharing and key updates. In our Scheme, Digital Signature and Symmetric key combine together and protects the efficiency aspects. Through extensive simulation analysis it is inferred that our algorithm provides an efficient approach towards security and in the mobile ad hoc network.
Keywords: MANET; Symmetric key; Authentication; Secured Hash.
- Hybrid Technique for Robust and Imperceptible Dual Watermarking using Error Correcting Codes for Application in Telemedicine
by Amit Singh
Abstract: In this paper, the effects of different error correction codes on the robustness and the image quality are investigated. Three different error correcting codes such as Hamming, the BCH (Bose, Ray-Chaudhuri, Hocquenghem) and the Reed-Solomon code are considered to encode the watermark. The embedding watermarks method based on the two most popular transform techniques which are discrete wavelet transforms (DWT) and singular value decomposition (SVD). The proposed algorithm is robust against number of signal processing attacks without significant degradation of the image quality. The experimental results demonstrate that this algorithm combines the advantages and remove the disadvantages of these two transform. Out of three error correcting codes tested, it has been found that Reed-Solomon shows the best performance. A detailed analysis of the results of implementation is given.
Keywords: image watermarking, steganography, discrete wavelet transforms, singular value decomposition, error correcting codes.
- Vietnamese Privacy Concerns & Security in Using Online Social Networks
by Mathews Nkhoma
Abstract: According to a report by Vietnam Network Information Center (VNNIC) on Vietnam Internet resources in 2012, the number of Internet users in Vietnam had increased by 15 times compared to 2000. As a result of increased Internet usage, 35.49% of the Vietnamese population had a 53% chance of encountering online threats without even knowing it. The purpose of this research is to investigate the relationship and influence of security and privacy issues on Internet users trust, and their intention to participate in a safe online community in order to provide preliminary insights for building a safer Online Social Network (OSN) landscape in Vietnam by examining the relationships among online privacy concerns, security, trust, and intention. Using Structural Equation Modeling, the findings show that privacy correlates with security but these two variables do not have a significant impact on users trust. Moreover, only trust and security affect users intention to use OSN.
Keywords: Online social network, privacy concerns, security, trust, intention
- A Secure and Timestamp based Communication Scheme for Cloud Environment
by Abu Salim, Sachin Tripathi, Rajesh Kumar Tiwari
Abstract: Cloud computing provides the capability to use computing and storage resources on a rented basis and reduce the investments in an organizations computing infrastructure. With all its benefits, cloud computing also brings with it concerns about the security and privacy of information extant on the cloud as a result of its size, structure, and geographical dispersion. Secure communication in Cloud Environment is necessary to access remote resources in a controlled and efficient way. For validation and authentication digital signatures using public key cryptography is extensively used in cloud computing. Further to keep confidentiality, Digital Envelope which is the combination of the encrypted message and signature with the encrypted symmetric key is also used. In this paper we propose a Timestamp based authentication scheme for cloud client with a modified Digital Envelope. As hyperelliptic curve cryptosystem (HECC) is known for its small key size and high security, we have taken HECC encryption technique. We have also presented a security analysis to show that our scheme can resist various attacks related to Cloud Environment.
Keywords: Cloud Computing, HECC, Digital Envelope, Digital Signature, Public Key, Private Key