International Journal of Electronic Security and Digital Forensics (7 papers in press)
- Enhancing Malware Detection: Clients Deserve More Protection
by Mohammed I. Al-Saleh, Bilal Shebaro
Abstract: Sophisticated malware is designed to spread over the network and infect as many connected client machines as possible before being detected. Network security engineers have always been challenged to detect and track down such malware before infecting new client machines. Consequently, they proposed several techniques that are deployed at different network boundaries, such as network-based Intrusion Detection Systems (IDS) and Proxy-based solutions. However, recent malware has been successfully able to bypass security protocols and anti-malware shields deployed at the network level, leaving the client machines at high risk of infection. The client antivirus (AV) software is considered the last line of defense against attacks that bypass network-based protection systems. Had the AV also been bypassed, the client would have been infected and compromised. In this paper, we propose an improvement to the client-based AV software to complement the network-based anti-malware software. We propose an AV add-on feature that enhances the capability of existing AV software to scan network data. We show that our solution is capable of detecting malware spread over the network upon arrival to the client machine and before it starts to behave maliciously. In addition, our solution shows that it has no significant overhead on the system under normal network traffic.
Keywords: Antivirus; Scanner; Malware Detection
- An Efficient Resource-fair Commit-Prove-Fair-Open Protocol
by Ou Ruan, Jing Zhou, Mingwu Zhang
Abstract: With the development of modern Internet and mobile networks, there is an increasing need for privacy-preserving cooperative computation and cloud computing. Secure multi-party computation (SMPC) gives a general solution to these applications and has become a hot topic. The commit-prove-fair-open protocol is a multi-party fair exchange protocol against the malicious adversary, and it provides an important tool of SMPC and makes it possible to achieve the fairness of SMPC with corrupted majority according to the standard real/ideal world simulation paradigm. In this paper, we introduce two lemmas about the simplified Camenisch-Shoup commitment and the time-lines, and then based on these tools we propose a very efficient resource-fair commit-prove-fair-open protocol. Compared with the other commit-prove-fair-open protocols, our new protocol enjoys two important advantages: (1) the communications cost and computations price are less than 20% of others; (2) allows commitment to value 0, which is not implemented in the other constructions.
Keywords: commit-prove-fair-open; resource fairness; secure multi-party computation; fair exchange; time-lines
- An Image steganographic algorithm on Smart Mechanism of Embedding Secret Data (SMESD) in Images
by Mohan Kumar, Arokia Renjith
Abstract: One of the methods for effective and popular means of privacy protection in this digital world is Data Hiding. In reversible compressed image data hiding, the exact cover image is restored at approximate efficient rate after extracting the secret data from the stego-image. Histogram Shifting is a suitable technique where the secret data can be concealed into a stego-cover image which has limited change in appearance of the image. The improved version of the traditional histogram shifting method as proposed by SMESD, prevents overflow and underflow to a greater extent. The primary objective of this paper is to develop a high data hiding capability in histogram-based reversible data hiding algorithm by introducing a relatively lower distortion after embedding the secret message. This is used to achieve large hiding capacity and maintain the quality of the stego-image done by distributing the pixel value differences. Among the histogram based approaches existing, single histogram of the entire cover image is used for data hiding. The main benefit of distributing the pixel intensities locally and the design of the proposed algorithm utilizes a larger count of histograms that are obtained from every pixel of the image for hiding. The cover image is subdivided by segmenting the image into blocks of different sizes, based on an estimation scheme for all the blocks which are reproduced as a division tree. The information about the division tree and the secret data are hidden in the blocks of the cover image. The proposed SMESD method increases data hiding capacity by identifying the divisions of the image that are not overlapping,
Keywords: Histogram shifting, Reversible data Hiding, Quad-tree segmentation, Image security, pixel value differencing.
- Robust and Imperceptible Image Watermarking in DWT-BTC Domain
by Amit Singh
Abstract: In this paper, an algorithm for digital image watermarking based on discrete wavelet transforms (DWT) and block truncation coding (BTC) has been proposed. In the embedding process, the host image is decomposed into first level DWT and the watermark image is compressed by BTC. The compressed watermark is then embedded into the selected sub-band of the host image. The proposed method has been extensively tested against numerous known signal processing attacks and has been found to be robust and highly imperceptible. Further, the performance of the algorithm has been tested with fractal compression technique. The performance of the BTC based technique is better than the fractal based compression techniques in terms of robustness and imperceptibility.
Keywords: Watermarking, DWT, BLOCK TRUNCATION CODING,
- Hiding Biometric Features in Audio Signals using Gram–Schmidt Orthogonalization
by Arashdeep Kaur, Malay Kishore Dutta, K.M. Soni, Nidhi Taneja
Abstract: This paper presents a method of imperceptibly inserting a biometric based digital watermark generated from iris image in an audio signal. The use of biometric features as a watermark is proposed in this paper to address the issue of ownership of digital watermark and digital content. There is a need to design special audio watermarking algorithm which can accommodate biometric based watermark without disturbing robustness and perceptual transparency as biometric based watermarks are generally larger in size. The watermarking method presented has high embedding capacity and thus can reliably embed large biometric based watermark with good robustness under various attacks keeping perceptual transparency at an acceptable rate. The algorithm is designed using Gram–Schmidt orthogonalization in third level detailed coefficients of multi-resolution decomposition to achieve high payload with good robustness such that watermark is not audible to human auditory system. The embedding capacity of the proposed method is evaluated to be 480 bps and the highest SNR achieved is 41.519 dB. Experimental results validate that the biometric watermark extracted even under different attack situations can be identified uniquely in the iris database.
Keywords: Gram–Schmidt orthogonalization, Biometric features, Authentication, and Multi-resolution decomposition.
- Enabling Identity-based Cloud Storage Public Auditing with Quantum Computers Resistance
by Xiaojun Zhang, Chunxiang Xu, Chunhua Jin
Abstract: With the rapid development of cloud storage technology, users choose to store their data in the cloud server remotely. Without the burden of local data storage and maintenance, users can enjoy on-demand high quality cloud storage services. Recently, lattice-based cryptography has been considered as the best choice for post-quantum cryptography, which can resist quantum computer attacks. Considering the forthcoming of the quantum computer in the near future, in this paper, we propose an efficient identity-based cloud storage public auditing scheme, which is constructed based on lattice. We prove our scheme can guarantee public verifiability, unforgeability. Moreover, our scheme can prevent the third party auditor (TPA) from revealing the primitive data blocks of cloud users. In particular, to achieve efficient data dynamics, by utilizing index hash tables, our auditing scheme can efficiently perform dynamic operations. Efficient performance analysis demonstrates that our public auditing scheme is more efficient and more practical even in the post-quantum cryptographic era.
Keywords: public auditing; cloud storage; lattice-based signature; post-quantum cryptography
- Web Browser Artefacts in Private and Portable Modes: A Forensic Investigation
by Cassandra Flowers, Ali Mansour, Haider Al-Khateeb
Abstract: Web browsers are essential tools for accessing the Internet. Extra complexities are added to forensic investigations when recovering browsing artefacts as portable and private browsing are now common and available in popular web browsers. Browsers claim that whilst operating in private mode, no data is stored on the system. This paper investigates whether the claims of web browsers discretion are true by analysing the remnants of browsing left by the latest versions of Internet Explorer, Chrome, Firefox, and Opera when used in a private browsing session, as a portable browser, and when the former is running in private mode. Some of our key findings show how forensic analysis of the file system recovers evidence from IE while running in private mode whereas other browsers seem to maintain better user privacy. We analyse volatile memory and demonstrate how physical memory by means of dump files, hibernate and page files are the key areas where evidence from all browsers will still be recoverable despite their mode or location they run from.
Keywords: Web browser forensics; Portable applications; Private Browsing; Incognito mode; Physical Memory; Windows; IE; Chrome; Firefox; Opera; OSForensics