International Journal of Electronic Security and Digital Forensics (17 papers in press)
Security awareness and the use of location based services, technologies and games
by Jacques Barnard, Magda Huisman, Gunther Drevin
Abstract: Rapid expansion and development in the modern mobile technology market has created an opportunity for the use of location-based technologies and games. Because of this fast expanding market and new technology, it is important to be aware of the implications this expansive technology could have on computer security. This paper will endeavour to measure the impact of location-based technologies and games on the security awareness of first- to fourth-year computer science university students. A questionnaire, posted on the web, and completed by computer science students from different year groups, was used to collect the data for this study. The major results of this study are the following: There is a difference in the security awareness of students who use and play location-based services, technologies and games and those who do not. This study also determined that the computer science students are cautious of security implications although they do not take preventative measures.
Keywords: Technology use; mobile location-based games; mobile location-based service; security awareness.
An Investigation into the Forensic Implications of the Windows 10 Operating System: Recoverable Artefacts and Significant Changes from Windows 8.1
by Diana Hintea, Robert Bird, Michael Green
Abstract: With the release of Microsoft's latest operating system, Windows 10, forensic investigators must examine it in order to determine the changes implemented from Windows 8.1 and the addition of new artefacts. This study is an analysis of Windows 10 and its new features in order to distinguish these artefacts. The tools used include: VMware Fusion, FTK Imager, Process Monitor, Process Explorer, ESEDatabase View and Registry Explorer. The paper also determines if artefacts have changed in Windows 10 in comparison to the previous version of Windows, Windows 8.1. When comparing the two it was found that many of the pre-existing artefacts found within Windows 8.1 are still present in Windows 10. Slight differences are noted in the way Prefetch files are compressed and also the Thumbnail databases. Significant artefacts related to the new features in Windows 10 are also reported.
Keywords: Windows 10; Forensic Analysis; Digital Forensic Acquisition.
An Evidence Collection and Analysis of Windows Registry
by Dinesh Patil, Bandu Meshram
Abstract: The cyber crimes are committed internally or externally. The malwares and the remote access are the means of committing the cyber crimes externally, whereas the trusted insider in an organization causes industrial espionage internally. On the Windows System, the Registry is a source of evidence against the cyber criminal as it maintains the details of the activity on the system. The digital forensic investigation of the Windows Registry helps in collecting forensic information relevant to the case. The Registry maintains a very large amount of system and user related information. In order to gather the potential evidence about the malicious activities of the user, the forensic investigator is needed to search the entire Registry; resulting in the wastage of the time and the effort. This raises the need for an evidence collection and analysis methodology to identify, extract and analyze the evidence specifically related to the user activities on the system. After considering the existing research, this paper suggests a framework with the improved evidence collection and analysis methodology to aid in the process of Digital Forensic Investigation of Registry for identifying the potential malicious insider.
Keywords: Registry; Registry Key; Hives; Integrated Analysis; Timeline.
Embedding Digital Watermark in One-Dimensional Signals Using Wavelet & Schur Decomposition
by Arashdeep Kaur, Malay Kishore Dutta, K.M. Soni, Nidhi Taneja
Abstract: An efficient, robust and secure audio watermarking algorithm which can hide large number of watermarking bits without perceptually affecting the quality of the audio signal is presented in this paper. The proposed algorithm has been designed using Schur decomposition of wavelet coefficients to achieve the optimal balance between conflicting design parameters of audio watermarking. Schur decomposition makes the proposed method significantly robust against challenging signal processing attacks and discrete wavelet transform gives a good opportunity for accommodating very high watermarking payload without affecting the perceptual quality. The choice of these two domains complement each other in addressing the contradictory design requirements of watermarking. Experimental results indicate that this algorithm is highly perceptually transparent and have excellent subjective audible quality at 480 bps embedding capacity. This algorithm has shown very good robustness to the challenging synchronization attacks like compression and various signal processing attacks at very high payload without affecting the audible quality of the signal. The computation time of the proposed algorithm is also found to be very less making it suitable for real time applications.
Keywords: Audio Watermarking; Wavelet decomposition; Digital Watermark; High embedding rate; Schur decomposition.
Encryption Scheme Classification: A Deep Learning Approach
by Jonathan Pan
Abstract: Encryption has an important role in protecting cyber assets. However use of weak encryption algorithms could render this intent useless as it could be exploited to gain unauthorized access to these important assets. This vulnerability may be exploited intentionally. Hence this vulnerability has been formally recognized with its own Common Vulnerabilities and Exposures (CVE) label by cyber security community as the vulnerability to protect. When exploited, detecting this vulnerability from encrypted data is very difficult task to undertake. This research explores the use of recent advancement in machine learning algorithms specifically deep learning algorithms to classify encryption schemes based on entropy measurements of encrypted data with no feature engineering. Past research work using various machine learning algorithms have failed to achieve good accuracy results in classification. The research entails applying encryption algorithms Data Encryption Standard (DES) and Advanced Encryption Standard (AES) with block cipher modes namely Electronic Codebook (ECB) and Cipher Block Chaining (CBC) over the image dataset from CIFAR10. Two ImageNet winning Convolutional Neural Network deep learning models namely AlexNet and GoogleNet are used to perform the classification. Transfer learning and layer modification were applied to evaluate the classification effectiveness. This research concludes that deep learning algorithms can be used to perform such classification where other algorithms have failed.
Keywords: Encryption Classification; Deep Learning; Artificial Intelligence.
Comments on "An improved authentication scheme for mobile satellite communication systems"
by Lili Yan, Yan Chang, Shibin Zhang
Abstract: Recently, Lee et al. proposed an authentication scheme for satellite communication systems. Then Zhang et al. found that their scheme is vulnerable to the smart card loss attack, the denial of service attack and the replay attack. In addition, they proposed an improved authentication scheme for satellite communication systems, and claimed resistance against these attacks. Nevertheless, in this paper, we show that the Zhang et al.'s scheme is as insecure as the original protocol against the denial of service attack. Then an improved version is proposed to avoid this security flaw. Finally, the security, reliability and performance analysis of the improved protocol are given. It demonstrates that the improved version meets the security requirements and has lower computation costs, which is more suitable for mobile satellite communication systems.
Keywords: satellite communication systems; authentication; security; smart card.
Efficient Multi-receiver Identity-based Signcryption from Lattice Assumption
by Xiaojun Zhang, Chunxiang Xu
Abstract: Signcryption is a public-key cryptographic primitive which combines the functions of public-key encryption and digital signature into a single logical step at low computational and communication costs. While multi-receiver signcryption is suited for a situation where a sender wants to send a signcrypted message to multiple receivers in a confidential and authenticated way. Due to this attractive property, recently, multi-receiver signcryption plays an important role in some practical applications such as virtual conference as well as authenticated mail transferring. In this paper, we present an efficient multi-receiver identity-based signcryption (MIBSC) scheme from lattice assumption which is believed to resist quantum computer attacks. The proposed scheme is provably secure in the random oracle model, which has the indistinguishability against chosen ciphertext attacks under the hardness of learning with errors (LWE), and existentially unforgeability against chosen message attacks under the small integer solution assumption (SIS). Moreover, we also compare our MIBSC scheme with existing schemes from performance efficiency and security, the result shows that our proposed scheme is more efficient and more secure. In particular, our scheme can be properly applied in the post-quantum communication environments.
Keywords: multi-receiver signcryption; lattice assumption; post-quantum cryptography; learning with errors (LWE); small integer solution assumption (SIS).
A Novel Chaotic Hash based Attribute-Based Encryption and Decryption on Cloud Computing
by Lakshmi Naga Divya Tamma, Shaik Shakeel Ahamad
Abstract: Cloud computing has evolved as widely accepted and used paradigm for service providers as well as customers on internet. Customers provide their sensitive information on cloud, thus it has become an important concern of the cloud service providers. As users share their sensitive information on cloud, it has become the major concern of the cloud service providers to make their environment more secure and trustworthy. For adding extended security, the sensitive data are needed to be encrypted prior to its upload on cloud. Numbers of cryptographic algorithms are proposed by various researchers for this purpose. The main objective of Attribute-Based Encryption (ABE) model is to achieve security and access control. Here users' attributes are used as the main factor in both secret key as well as in cipher text. If the attributes of secret key and cipher text are same as a threshold d, decryption is possible. ABE is also collision resistant. The main problem of these models is users' public keys are needed for the process of encryption by data owner. This drawback forbids the implementation of this model in real environment due to involvement of monotonic attributes. To resolve the issue of this conventional attribute-based model, a novel modified and extended Hash based ABE model was implemented on the cloud storage data. Experimental results proved that the proposed model has high computational accuracy compared to traditional ABE models in terms of time and data size are concerned.
Keywords: ABE; Cloud security; Hash Algorithm; CPABE; KPABE.
Effective Methods to Detect Metamorphic Malware: A Systematic Review
by Mustafa Irshad, Haider Al-Khateeb, Ali Mansour
Abstract: The succeeding code for metamorphic Malware is routinely rewritten to remain stealthy and undetected within infected environments. This characteristic is maintained by means of encryption and decryption methods, obfuscation through garbage code insertion, code transformation and registry modification which makes detection very challenging. The main objective of this study is to contribute an evidence-based narrative demonstrating the effectiveness of recent proposals. Sixteen primary studies were included in this analysis based on a pre-defined protocol. The majority of the reviewed detection methods used Opcode, Control Flow Graph (CFG) and API Call Graph. Key challenges facing the detection of metamorphic malware include code obfuscation, lack of dynamic capabilities to analyse code and application difficulty. Methods were further analysed on the basis of their approach, limitation, empirical evidence and key parameters such as dataset, Detection Rate (DR) and False Positive Rate (FPR).
Keywords: Metamorphic malware; Malware Detection; Review; Opcode; Control Flow Graph; API Call Graph.
A novel smooth texture based visual cryptography approach for secure communication
by Ram Barik, Sitanshu Sahu, Suvamoy Changder
Abstract: This paper proposes a novel encoding technique to encrypt information as visual object embedded in an image. The textures of the objects are made up of lines to form a geometrical shape. The images of the textures are combined to produce an overt cipher host image which appears as a grid structured image. The cipher host image holds the covert informations which are embedded inside those sub-image or grids as an object in a chaotic pattern. The textures of objects for encoding the information is generated then reshuffled and arranged to barred it from eavesdropping. For decryption visual character recognition is being applied using artificial neural network. The reliability of the proposed approach has been illustrated with some empirical examples. The overall cryptography process in a digital image makes it a simple and effective methodology for the secure communication.
Keywords: Grid Structured; Cryptography; Texture; Visual Cryptography; Multilayer Perceptron; Shuffling pattern; RSA; DES (Data Encryption Standard); AES (Advanced Encryption Standard).
An information system risk assessment model: A case study in on-line banking system
by Sajjad Sokouhyar, Azadeh Karimisefat, Maryam Nezafatbakhsh
Abstract: Today, almost all bank affairs are automatic and all transactions, processing and money transfers are performed by applying information systems technologies. Moreover, to codify the strategies and making management decisions more effectively, banks rely on electronic information systems. The remarkable point is the security and the security risk management of information systems which the traditional point of view would not overcome its future challenge. This paper identified the relevant elements to the security risks of informational electronic banking systems based on previous research studies. The final weight of all elements was then determined by fuzzy analytic hierarchy process and Chung weighing method. After that, the final weights of all elements in three case studies from banking section have been calculated. Ultimately, elements securities of those banks were clarified by using Jaeger Fuzzy Classification. The results indicated that the vulnerability element has the most weight.
Keywords: Risk management; Information security; informative systems; Fuzzy logic.
Implementation of RFID Mutual Authentication Protocol
by Sivasankaran Kumaravel, Ashik Joji
Abstract: RFID (Radio Frequency Identification): The most flexible auto identification technology has a dereliction in its security. Over the years researchers have worked on the security issue of the long established commonly used Passive UHF RFID tags and have come up with some authentication protocols scorning its hardware implementation. Here a lightweight mutual authentication protocol is implemented in ASIC based on the EPC Class 1 Generation 2 framework released by EPC global, which is the widely used industrial standard for passive UHF RFID communication. We have proposed to incorporate ROM to store message signal, which shows significant reduction in area and power as compared to existing digital baseband architecture.
Keywords: EPC; security; RFID; LFSR; lightweight; authentication; VLSI; pierndecoder; fm0 encoder.
A review of video falsifying techniques and video forgery detection techniques
by Manar A. Mizher, Mei Choo Ang, Ahmad A. Mazhar, Manal A. Mizher
Abstract: The term video attack has gained attention under the name video forgery. The simplest type of video forgery is copy-move tampering which can be detected by human eyes. The complex type of video forgery is video falsifying which is more professional than copy-move as highly improved techniques are needed to detect a falsified video. The difficulty of detecting video falsifying attack because of changing the semantic meaning of the original videos by creating fake videos can be conducted by editing, combining or generating a new video content. In this paper, several types of video falsifying techniques and video forgery detection techniques are studied and classified, challenges with existing forgery detection techniques are given, and a conclusion of recommended suggestions is presented. Recommendations focus on advanced forgeries such as object motion interpolation forgeries, and dynamic texture inpainting to increase the security against these types of tampering on key frames.
Keywords: video falsifying; forgery detection; spatio-temporal attacks; secure system; fingerprint framework; key frames extraction.
A proposal for curriculum development of educating and training Brazilian police officers in digital forensics investigation and cybercrime prosecution
by Ilane Cunha, Jefferson Cavalcante, Ahmed Patel
Abstract: The internet and computer systems are infested by cybercrimes. Like any other crime, it needs investigations and analysis to prosecute the criminal. It is against this backdrop that it is important to have educated and trained staff not only to fight cybercrimes but to comprehensively investigate them objectively for the purpose of prosecution. This article presents a proposal for the curriculum development, education, training and certified qualification of Brazilian police officers for preparing them to be as knowledgeable, reliable, efficient and effective as possible. The proposal presents two types of training and qualification: police officers as first responders who are likely to encounter cybercrime activities and police officers as cybercrime investigators and analyst as highly skilled world class investigator specialists. To meet this target, the proposal after presenting the background concepts and requirements presents, the syllabus and laboratory practical sessions for each level of training to evolve specialist investigators.
Keywords: cybercrime training; cybercrime investigators; cybercrime prosecutors; computer and digital investigations; digital forensic; computer forensics; security; security threats; privacy; curriculum development; syllabus development; accreditation; qualification.
An automobile security protocol: side-channel security against timing and relay attacks
by Mohd Anuar Mat Isa, Habibah Hashim, Syed Farid Syed Adnan, Norhaflyza Marbukhari, Nur Nabila Mohamed
Abstract: Keyless go, automotive keyless systems (AKS), passive keyless entry and start (PKES) are names given to smart systems that allow a driver to unlock a car without pressing any key, and drive the car without inserting a smart key for starting or stopping the car engine. It is one of the debutant IoT applications in automotive sector. This work presents a 128-bit pairing security protocol (PSP 128 bits) lightweight cryptographic protocol as a security protocol authentication between owner and car. The PSP 128 security analysis in timing and relay attacks by an adversary will be discussed and its resilience proved using a theoretical security reduction method. The theoretical security reduction results are supported by findings from an experimental test bed using RaspberryPi board and radio frequency (RF) communication. Based on the experiment results, the PSP 128 can support up to 56 thousand authentication sessions between owner and car per typical usage. It is estimated that a standard automotive battery running the device can have a lifespan of up to seven years with typical use.
Keywords: keyless; automotive; relay attack; side-channel attack; IoT; lightweight; cryptography; RF security; RaspberryPi.
An improved LSB-based RDH technique with better reversibility
by Jayanta Mondal, Debabala Swain, Dushant P. Singh, Sharmila Mohanty
Abstract: Lossless image recovery has significant importance in image transmission and security. In this aspect, lots of reversible data hiding (RDH) techniques are available as literature. Still ample measures can be adhered to achieve better reversibility. This paper presents an improved reversible RDH technique to perform a quantitative study to evaluate the recovery of sent image without any distortion. In reversible data hiding, the original image has to go through the encryption and embedding process before transmitting to the receiver. In the proposed RDH technique, a series of computations are done on the three LSB to embed secret bits in the encrypted image. Similarly, the reverse computations are performed on the LSBs to extract the original image content from the decrypted image. Experimental analysis proves the achievement of the proposed technique through different parameters like, PSNR, SSIM, etc.
Keywords: reversible data hiding; RDH; LSB-based encryption; data embedding; lossless recovery.
Identifying artefact on Microsoft OneDrive client to support Android forensics
by Gandeva Bayu Satrya, A. Ahmad Nasrullah, Soo Young Shin
Abstract: Microsoft software is perhaps the most widely used around the world. As computing technology has evolved they have been at the cutting edge and have developed a number of groundbreaking and useful applications. Microsoft OneDrive is one such application. OneDrive is a cloud storage service offering 7 GB free storage to users. This technology can be misused and through it laws governing the cyber world violated. Current solutions to this are to perform digital forensics when cybercrime has occurred. This research used two different vendors of Android smartphones as experimentation objects. A model has been developed in this research, which provides instructions for digital mobile forensics analysis in finding artefacts related to the client's activities on OneDrive cloud storage application. These artefacts can be used as digital evidence by digital forensics investigators and the research increases the knowledge of cyber law practitioners.
Keywords: artefacts; cybercrime; cloud storage; digital forensics; Android forensics; OneDrive analysis.