International Journal of Electronic Security and Digital Forensics (19 papers in press)
- Procedural aspects of the new regime for the admissibility of expert evidence: what the digital forensic expert needs to know
by Carlisle George, Oriola Sallavaci
Abstract: This paper reviews some aspects of the proposed reform on the admissibility of the expert evidence in criminal trials. The review focuses on the impact such reform will have on several procedural aspects of the criminal trial such as the role of trial judge, burden of proof for evidential reliability, power of the court to disapply the reliability test and the engagement of court appointed experts. The paper concludes that some of the procedural aspects bring new difficulties that may not be easily solved. Also that the digital forensics community may have a new opportunity to pay an integral part in aiding the legal profession in light of the requirements of the new regime.
Keywords: Law Commission; expert evidence; burden of proof; court appointed experts.
- Cryptanalysis of a key agreement protocol based on chaotic Hash
by Debiao He
Abstract: With the rapid development of theory and application of chaos, the chaotic Hash has been widely used in cryptosystems. Recently, Guo et al.s proposed a secure key agreement protocol based on chaotic Hash. They claimed that their protocol could withstand various attacks. Unfortunately, by giving concrete attacks, we demonstrate that Guo et al.s protocol is vulnerable to the off-line password guessing attack. The analysis shows Guo et al.s protocol is not secure for practical application.
Keywords: Chaos; Hash function; Key agreement; Chebyshev; Password guessing attack
- An Enhanced Hill Cipher Approach for Image Encryption in Steganography
by Karthikeyan B, Jagannathan Chakravarthy, Vaithiyanathan V
Abstract: In this paper, a new approach is adopted to embed an image within an image using a modified Hill Cipher method. The secret image is taken and rearranged to form N 2x2 matrices.A key matrix of length 2x2 is multiplied with all the N matrices and modulo-256 operation is performed. Then the new N matrices are rearranged to form a one-dimensional matrix. Each element of this matrix is converted to its binary value. A cover image is taken and in each of its pixels, the two least significant bits (LSB) are replaced with two bits from the binary matrix successively. While retrieving, the last two bits from each cover pixel are taken out, arranged to form a binary matrix and are converted into their respective 8 bit values. This one dimensional array is converted into N 2x2 matrices. These matrices are multiplied with the inverse of the key matrix to get the original values. These values are then rearranged appropriately to get the secret image which was transmitted.
Keywords: Encryption, Decryption, Steganography, Enhanced Hill Cipher, LSB substitution
- HTTP BOTNET DETECTION USING HIDDEN SEMI-MARKOV MODEL WITH SNMP MIB VARIABLES
by Kiruabavathi Venkatesh, R. Anitha Nadarajan
Abstract: Botnet has become a prevalent platform for many malicious attacks and hence it is considered as a serious threat to Internet security. A botmaster can control millions of compromised systems using command and control (C&C) of botnet. At early time IRC protocol based botnets were used by the attackers. Recently attackers have shifted their paradigm towards HTTP based C&C server because of several advantages and in this situation, bots frequently request and download commands from web servers which are under the control of botmaster. Since web based C&C bots try to blend into normal HTTP traffic, it is difficult to identify HTTP botnets. In this work, we propose a Hidden semi-Markov chain Model (HsMM) to characterize the normal network behavior considering that most of the communications of web based bots are based on TCP, we use TCP based MIB variables as observed sequence and forward-backward algorithm for estimating model parameters to best account for an observed sequence. Several experiments are conducted to validate our model. The proposed system is light weight and real time.
Keywords: Botnet, HTTP Botnet detection, SNMP MIB traffic Variables, Hidden semi-Markov Markov Model (HsMM).
- A new identity based ring signcryption scheme
by Lunzhi Deng
Abstract: This paper presents a new identity-based ring signcryption scheme. With
this technique, anyone can choose n − 1 entities to generate a verifiable ring
signcryption on behalf of the group of n members, yet the actual signcrypter
remain anonymous. The scheme is proven to be indistinguishable against
adaptive chosen ciphertext attacks, existentially unforgeable against adaptive
chosen message and identity attacks, and unconditional signcrypter ambiguity
under the random oracle model.
Keywords: Identity-based cryptography, Ring signcryption, Random oracle model, Security
- Secure k-NN Query on Encrypted Cloud Database without Key-sharing
by Youwen Zhu, Rui Xu, Tsuyoshi Takagi
Abstract: In cloud computing, secure analysis on outsourced encrypted data isrna significant topic. As a frequently used query for onlinernapplications, secure k-nearest neighbors (k-NN) computation on encrypted cloud data has received much attention, and several solutions for it have been put forward. However, most existing schemes assume the query users are fully trusted and all query users know the entire key which is used to encrypt and decrypt data owner's outsourced database. It is constitutionally not feasible in lots of real-world applications. In this paper, we propose a novel secure and practical scheme for preserving data privacy and supporting k-NN query on encrypted cloud data. In the new approach, only limited information about the key of data owner is disclosed to query users, and the data privacy can be protected even when query users leak their knowledge about the key to adversary. Theoretical analysis and experiment results confirm the security and practicality of our scheme.
Keywords: cloud computing; privacy; k-nearest neighbors; query.
- Intellectual Property Right Protection of Image Data using DCT and Spread Spectrum based Watermarking
by Harsh Singh, Suman Yadav
Abstract: For digital document, watermarking provides intellectual property right protection through embedded copyright mark. However, due to attacks using signal processing methods offers challenges in designing robust copyright techniques. This paper presents a novel method for enhancing robustness in copyright marking into mid-frequency discrete cosine transform (DCT) coefficients of an image using spread spectrum techniques. Performance evaluation of proposed algorithm has been made using Bit Error Rate (BER) and Peak Signal to Noise Ratio (PSNR) value for different watermark size and images: Lena, Girl, and Tank images yield similar results. This algorithm is simple and does not require the original cover image for watermark recovery. A set of systematic experiments, including JPEG compression, Gaussian filtering and addition of noise are performed to prove robustness of our algorithm. Thus, it is potentially useful in robust copy-right marking for intellectual property right protection applications.
Keywords: Data embedding, Watermarking, Robust Steganography, Spread Spectrum.
- The Impact of the Antivirus on the Digital Evidence
by Mohammed Al-Saleh
Abstract: Digital Forensics (DF) has a significant role in accusing cyber criminals and proving them guilty under the law. Analyzing the collected data to extract crime evidences is a major step in DF. Keeping the evidential data unchanged during the acquisition process is one of the most challenging steps for forensics analysts. A criminal, if possible, may manage to delete the crime evidences in order to deny her responsibility about the crime. As the Antivirus (AV) software becomes an essential component of the most PCs, this paper studies the effect of the AV on the digital evidences. The AV installs itself at variety of system locations to gain advanced scanning capabilities. The AV intercepts many system operations to check if the involved data contain malicious contents by scanning the data against its database of virus signatures. This behavior of the AV motivates us to study the effect of the AV on the data from forensics point of view. The RAM memory contains valuable information to forensics analysts. We design representing experiments which involve several common tasks and check how the AV affects the RAM artifacts of these tasks. We test three common AVs (Sophos, Symantec, and Kaspersky) against the No-AV-installed case and show that the AV has an obvious effect on the tasks' RAM artifacts. To the best of our knowledge, we are the first to study the effect of the AV on the evidential data from forensics perspectives. Finally, this paper suggests that forensics analysts need to be aware of the existence of the AV while collecting crime evidences.
Keywords: Digital Forensics, Digital Evidence, Antivirus, RAM Artifacts
- Wavelet-Transform Steganography: Algorithm and Hardware Implementation
by Bassam Mohd, Thaier Hayajneh, Ahmad Quttoum
Abstract: Steganography is a powerful method to conceal the existence of secret data inside a cover object. The concealment steps are performed in the spatial domain and/or the transform domain such as wavelet transform. While it is harder to detect, the transform domain steganography involves complex computations. Hence implementing steganography in hardware improves the steganography system performance. The preservation of the entire secret information is one of the main challenges for the transform domain steganography. Errors, introduced by quantization steps, destroy some of the embedded secret bits. In this paper, we present a novel algorithm to embed and extract the entire secret data in the Haar wavelet-based transform without any secret information loss. This is accomplished by special clipping mechanism as well as modifying the placement of the secret bit in the transform coefficients. The algorithm is implemented in an FPGA-based hardware, and its performance metrics are examined including resources utilization, power, timing and energy.
Keywords: security, data security, image processing, very-large-scale integration, field programmable gate arrays, digital signal processors, steganography
- Lattice-based message recovery signature schemes
by Miaomiao Tian
Abstract: The message recovery signature scheme is a very useful signature scheme in which the verification of signature does not require the appended message, because the message can be easily recovered from the signature. Although message recovery signatures based on conventional number-theoretic problems have been achieved, it is still unknown whether message recovery signature can be implemented based on lattices, which are receiving considerable attention in cryptographic community since they are resistant to quantum computer's attacks. This paper provides a positive answer to the above question by presenting two concrete lattice-based message recovery signature schemes. The two schemes make use of the efficient lattice-based signature scheme recently created by Lyubashevsky and presented at EUROCRYPT 2012. Our constructions are proved to be secure in the random oracle model under the short integer solution assumption. Compared with Lyubashevsky signature scheme, our schemes are more efficient in terms of communication overhead.
Keywords: cryptography; lattice; message recovery signature
- On the Reliability of Forensic Schemes Using Resampling for Image Copy-Move Forgery
by xiaobing Kang, guangfeng Lin, erhu Zhang, yajun Chen
Abstract: The goal of image forgery detection in multimedia security and forensics is to find a clue of image manipulation and to prove the inauthenticity of digital images. The presence of the original and its duplicated regions in an image is regarded as a fingerprint for copy-move forgery. The problem investigated here concerns the situation when resampling process is employed in the pre-processing stage of detecting image copy-move forgery. In several detection techniques of copy-move forgery in digital images, resampling is utilized to lower the spatial resolution of an image, further improving the efficiency and the speed of image forensics. However, the reliability of detection methods has not been examined in detail. In this paper, we take a view of some recently-proposed forensic techniques using resampling and analyse the reliability of detecting copy-move forgery, by modeling copy-move forgery process and detection problem. Based on theoretical analysis and experimental validation it is concluded from this study that a correct detection of image copy-move tamperings may be impeded by resampling operation under certain conditions and it is more difficult to reveal the forgery than previously thought.
Keywords: Multimedia security; digital image forensics; copy-move forgery; resampling ; reliability
- On the security of an authentication scheme for multi-server architecture
by Debiao He
Abstract: Recently, Pippal et al. proposed an authentication scheme for multi-server architecture. They claimed their scheme could withstand various attacks. After reviewing their scheme, we show their scheme is vulnerable to four attacks. The analysis shows their scheme is not secure for practical applications.
Keywords: Authentication scheme; Multi-server architecture; Smart card
- Self-synchronizing Image Steganography algorithms based on Error-Correcting Codes
by Sushil Kumar
Abstract: Error Correction Codes based techniques have been used by many researchers for image steganography to find a tradeoff either between high embedding efficiency and low embedding complexity or between high embedding efficiency and high embedding capacity. However, there are other characteristics of steganography such as undetectability, security, robustness against common attacks and complexity that require the same attention. In this paper we shall discuss error correction codes based image steganography techniques to find a tradeoff between high embedding capacity, high embedding efficiency, security, undetectability and imperceptibility. This paper presents two noval steganographic algorithm: first is error based syndrome technique based on Reed-Muller codes and other is based on Reed-Solomon Code. Before embedding, the message is encoded using self-synchronizing T-codes, in place of Huffman codes, that not only compress the message, but also helps in synchronizing the message at decoding stage of extraction. The comparisons of the proposed algorithms is done with Hamming based Matrix embedding, an improved pre-flipping matrix embedding, and Hamming based error map technique. The experimental results show that proposed algorithms have better imperceptibility, multi-layered security, provable security and constant embedding efficiency.
Keywords: Steganography, RM- codes, RS- codes, WPSNR, SSIM, KLDiv
Special Issue on: "ICGS3 articles from 9th ICGS3-13 Conference"
- Thresholding Attack on the BSS-Based Cryptosystem which Has Binary Key
by Ali Sadr, Raziyeh Sadat Okhovat
Abstract: In this paper, it has been shown that the BSS-based cryptosystem with binary key which has only two values, does not provide the security goal. In fact, the private key can be fully realized by applying a proper threshold on the encrypted signal. Performance analysis in terms of normalized MSE shows that the original signal can be accurately extracted by the proposed procedure from the encrypted one. Therefore, a key with multiple values has been exploited to enhance the security of the cryptosystem.
Keywords: Blind Source Separation (BSS), Independent Component Analysis (ICA), Cryptography, Cryptanalysis
- SECURITY CHALLENGES IN THE DISTRIBUTED CLOUD COMPUTING
by Hossein Jahankhani, Ikechukwu Nwobodo, Aloysius Edoh
Abstract: Cloud computing has altered the overall representative picture which distributed computing present in IT environment such as grid and server client computing. Cloud computing has given a new innovative meaning to off-premises and distributed computing. Although cloud computing offers more economical benefits than traditional computing, it undoubtedly introduces an imaginable security challenges to information control, management, access and storage from on-premises to off premises. This paper focuses on security challenges in distributed cloud, describes cloud computing, models and services. Analysis cloud security challenges and presents discussions on considerable solutions to protect threats against confidentiality, integrity and availability of cloud data. This paper also presents an implementation of Private Cloud Computing and evaluates its security features.
Keywords: cloud computing, PaaS, SaaS, IaaS, VM, CIA, threats, vulnerability
- TOWARDS A MODEL FOR THE INTEGRATION OF KNOWLEDGE MANAGEMENT IN LAW ENFORCEMENT AGENCIES
by Ben Brewster, Babak Akhgar, Andrew Staniforth, David Waddington, Simon Andrews, Kayleigh Johnson
Abstract: As law enforcement agencies are presented with ever increasing repositories of data upon which to conduct their intelligence and investigative initiatives, the requirement to effectively manage knowledge grows. The following paper explores the use of knowledge management within law enforcement in terms of defining knowledge in policing, the various forms in which knowledge exists in society and organisations, and the potential barriers to the integration of knowledge management practices in the law enforcement domain. The paper clarifies the role of knowledge in organisational behaviour and the rationale behind its importance in contemporary law enforcement practices before discussing the concepts around practical scenarios, and outlining a number of example approaches to integration.
Keywords: Knowledge Management; Law Enforcement; Intelligence
- Secure cloud based biometric authentication utilizing smart devices for electronic transactions.
by Bobby L. Tait
Abstract: The release of the latest iPhone device by Apple, named the iPhone 5s which incorporates a fingerprint based biometric scanner, was met with a lot of criticism from the security and privacy community. It was soon demonstrated that the biometric reader on this new iPhone is just as vulnerable to spoofing attacks as devised by researchers such as Matsumoto et al . It is an excepted fact that making use of biometrics for effective security during the identification and authentication process, is not recommended. People leave latent biometric prints of their fingerprints on everything they touch. Biometric technology is vexed with this problem a biometric characteristic is not essentially covert, as people deposit their biometric characteristics in various ways in the environment they interact with. \r\nThis paper proposes an approach to allow a person to use a smart device such as the iPhone 5s, for secure biometric authentication over a networked environment for secure electronic transactions. The paper illustrates that a smart device can be considered as a smart token, to address the security concerns associated with biometric technology.\r\n
Keywords: Biometrics; iPhone 5s; Cloud; Security; Authentication; Secure electronic transaction; spoof attack; hacking; smart token;
- Anomaly Detection Using Fuzzy Association Rules
by María Dolores Ruiz Jiménez, Maria J. Martin-Bautista, Daniel Sánchez, M. Amparo Vila, Miguel Delgado
Abstract: Data mining techniques are a very important tool for extracting useful knowledge from databases. Recently some approaches have been developed for mining novel kinds of useful information, such us anomalous rules. These kinds of rules are a good technique for the recognition of normal and anomalous behaviour, that can be of interest in several area domains such us security systems, financial data analysis, network traffic flow, etc. rnThe aim of this paper is to propose an association rule mining process for extracting the common and anomalous patterns in data that is affected by some kind of imprecision or uncertainty, obtaining information that will be meaningful and interesting for the user. This is done by mining fuzzy anomalous rules. We present a new approach for mining such rules, and we apply it to the case of detecting normal and anomalous patterns on credit data
Keywords: Data mining; fuzzy association rules; anomalous rules; anomaly detection; credit
- Identity based threshold ring signcryption from pairing
by Lunzhi Deng
Abstract: This paper presents an identity-based threshold ring signcryption scheme.rnwith this technique, any group of t entities can choose n − t entities to generate a t-out-of-n signcryption on behalf of the group of n members, yet thernactual signcrypters remain anonymous. The scheme is proven to be indistinguishable against adaptive chosen ciphertext attacks, existentially unforgeable against adaptive chosen message and identity attacks, and unconditional signcrypter ambiguity under the random oracle model. To the best of authors knowledge, the scheme is the first security ID-based threshold ringrnsigncryption scheme.
Keywords: Identity-based cryptography, Signcryption, Threshold ring signature, Pairings, Security