International Journal of Electronic Security and Digital Forensics (10 papers in press)
- A Fuzzy Logic Approach for Detecting Redirection Spam
by Kanchan Hans, Laxmi Ahuja, SK Muttoo
Abstract: Redirection spam is a relatively newer technique whereby spammers redirect the search user to an unwanted webpage or download malware on the victims machine without his consent. Spammers are making use of chained redirections to hide their nefarious activities. Detecting such malicious redirections is of prime importance for maintaining web security. In this paper we have identified the factors that assist in detecting redirection spam and propose a fuzzy logic based model for redirection spam detection. We validated our model against a set of URLs and were able to detect the spammed redirections with high accuracy.
- An Ad Hoc Detailed Review of Digital Forensic Investigation Process Models
by Reza Montasari
Abstract: For the past decade, digital forensics has been the subject of scientific study, and as a result it has become an established research and application field. One of the foundational methods in which the researchers in the field have attempted to comprehend the scientific basis of this discipline has been to develop models which reflect their observations. Various process models have been developed describing the steps and processes to follow during a digital forensic investigation. This paper provides a detailed review of eleven published papers representing digital forensic process models. The aim of this review is to gain a background knowledge of the existing research on the digital forensic investigation process models and the problems associated with those models.
Keywords: digital forensic; computer forensics; digital investigation; process models; models review
- A Comprehensive Digital Forensic Investigation Process Model
by Reza Montasari
Abstract: A formal process model is needed to enable digital forensic practitioners in following a uniform approach and to enable courts of law in determining the reliability of digital evidence presented to them. Such a model also needs to be generic in that it can be applicable in the different fields of digital forensics including law enforcement, corporates and incident response. There does not currently exist such a comprehensive process model that is both formal and generic. To address these shortcomings, this paper proposes a model that is formal in that it can enable the digital forensic practitioners in following a uniform approach when carrying out investigations, and that is generic in that it can be applied in the different environments of digital forensics.
Keywords: digital forensics; incident response; process model; corporate digital investigations;rndigital investigations; computer forensics
- Besieged Privacy in Social Networking Services
by Xingan Li, Shujun Dong
Abstract: Pervasive application of the social networking services (SNSs) has been transforming modern social lives, from which the traditional social activities have been extending their existing boundary into cyberspace. Billions of users of the SNSs grasp more and more fresh chances for communicating and co-operating, at the same time they are also confronted with new risks and dangers, possibly they could also be victimized with their life, health, freedom, and property. The aim of current paper is to investigate the risks of illegal use of personal information brought about by the SNSs. The principal theme considered in this paper is that, the SNSs, in front of both conventional and unconventional offenders, have induced worry about unlawful access to accounts, disclosure and infringement of privacy, as well as misuse and abuse of anonymity. Many vulnerable points of the SNSs in protecting privacy accumulate and structure a hazardous atmosphere where privacy is left defenceless. On the grounds that there are more sensitive information, such as demographic and identity information, financial and consumption information, and clues and traces to daily activities and movements, it is uncomplicated for possible malefactors to select possible victims of varieties of offences. The article concluded that social networking services facilitated both traditional and untraditional privacy-related crimes with both traditional and untraditional scheme, and reviewed alternative solutions to privacy protection and their concomitant dilemmas. An international initiative might be more realistic for coordinating national divergences.
Keywords: social networking services, offences against privacy, offences against property, anonymity, real-name system
- Privacy-enhanced Distance Computation with Applications
by Xiaojuan Chen, Yi Mu, Xiaofen Wang
Abstract: Location privacy has been regarded as an important requirement for location-based service on mobile devices such as mobile phones, where location information might have to be protected against unauthorized or even authorized (curious-but-honest) parties in some cases. We propose a scheme, which provides a method for a location server to identify the nearest mobile object (amongst n mobile objects) to a target mobile object without revealing the location of any participant to the location server. We describe our protocol by using a practical application, wherernthe aim is to identify a closest service vehicle among registered service vehicles to the targetrn car which requires a service, while the locations of all participants are protected against the location server. Our scheme only requires an additive homomorphic encryption scheme without a need of fully homomorphic encryption as required by all other related schemes on location privacy.
Keywords: Location Privacy, Security, Confidentiality
- An authentication scheme for multi-server environments based on chaotic maps
by Yun Tao
Abstract: In the present e-commerce and e-government era, user authentication schemes have become more and more important, through which the user and the server could authenticate each other and generate a session key to encrypt message. The extended chaotic map is very suitable for the cryptography since there are subtle and close relationships between the properties of traditional cryptosystems and chaotic systems. Recently, many extended chaotic maps based authentication schemes have been proposed for different applications. However, most of them are designed for a single server environment and result in users needing to register many times when they want to access different application servers. Besides, the only two extended chaotic maps based authentication schemes for multi-server environment suffer from security vulnerability. In this paper, we proposed a new user authentication scheme for multi-server environments using extended chaotic maps. We also give a proof that the security of the proposed scheme could withstand various attacks and satisfy other requirements in multi-server environments.
Keywords: Chaotic maps; Mutual authentication; Smart card; Multi-server environment
- Generating Optimal Informed and Adaptive Watermark Image Based on Zero-Suppressed Binary Decision Diagrams for Medical Images
by Muath Shaikh, Lamri Loamer, Laurent Nana, Anca pascu
Abstract: Watermarking protects legitimate copies of digital multimedia, such as video, audio and images, from unauthorized use. Digital watermarks are used to verify the authenticity, integrity and confidentiality of data to prove the identity of its owners. Watermark generation is one of the most important aspects of watermarking schemes, and should aim to produce as small a watermark as possible (a low quantity of data to be embedded in the multimedia) to reduce the complexity of computational processes. Although embedding a large amount of watermark data in almost any medium increases the chances of recovering it, this also increases the complexity, which can become impractical for real time applications. In this paper, we focus on the robustness of medical image watermarks and present a means to generate a small watermark. This idea is very innovative in the watermarking field. The proposed approach is based on Zero-Suppressed Binary Decision Diagrams (ZBDD). ZBDD has proven its effectiveness in many fields, such as data mining, big data processing, computer networks, etc. Application of ZBDD to medical image watermarking will help us to take into account not only the complexity and the capacity factors but also the watermark robustness. The results obtained are very significant and encouraging and will be examined in this paper under several attack scenarios.
Keywords: ZBDD; Combination Set; Medical Image; Watermarking; Attacks; Complexity; Adaptively Watermark; Robustness.
- A New Fully Homomorphic Encryption over the Integers using Smaller Public Key
by Govindha Ramaiah Yeluripati
Abstract: Fully Homomorphic Encryption scheme with practical time complexity is a widely acknowledged research problem in cryptography. In this work, a new Somewhat Homomorphic Encryption with practical time complexities is proposed, from which fully homomorphic encryption is obtained using the optimizations suggested in the contemporary works. The central idea behind the proposition in achieving such reasonable time complexities lies in employing a small public key containing only two big integers with consequent reduction in the message expansion. The scheme may be considered as a variant of the DGHVs integers based scheme, which was one of the earlier attempts in devising a conceptually simpler fully homomorphic encryption. The semantic security of the proposition is proved in the standard model by reducing the same to the hard problem of solving Partial Approximate Greatest Common Divisor of two integers.
Keywords: Approximate Greatest Common Divisors, Homomorphic Encryption, Message expansion, Semantic security, Smaller public key
- A New Group Signature Scheme for Dynamic Membership
by Run Xie, Chunxiang Xu, Changlian He, Xiaojun Zhang
Abstract: Group signatures allows a group member to sign messages anonymously on behalf of the group. Generally, group signatures have anonymity, traceability and authentication. It has been well applied in practical distributed security communication environments. However, very few schemes can achieve the non-frameability and support dynamic membership management. In this paper, we propose a new group signature scheme. Our scheme achieves the non-frameability without the trusted issuer. Meanwhile, this scheme can support dynamic members join and revocation without incurring other secure threats. Furthermore, in our scheme, the size of group member's private key and the size of group public key are shorter than other schemes while the costs to be kept constant for signing and verifying. In particular, we prove that our scheme achieves anonymity, traceability and non-frameability under the random oracle model.
Keywords: group signature; non-frameability; anonymity; traceability; security proof ; random oracle model.
- Security analysis and enhancements of a multi-factor biometric authentication scheme
by Min Wu, Jianhua Chen, Wenxia Zhu, Zhenyang Yuan
Abstract: The security of authentication scheme, especially multi-factor biometric authentication scheme based on password, smart card, and biometric in wireless communication is an important and significant issue that researchers have been focusing on of late. Most recently, Liling Cao et al. improved a multi-factor biometric authentication scheme which demonstrated that their scheme can resist masquerading attack, user masquerading attack, replay attack, and provide mutual authentication , and so on. In this paper, it is indicated that their scheme is vulnerable to stolen smart card attack, user impersonation attack, sever impersonation attack and man-in-the-middle-attack. Then, in order to avoid these attacks, a revised scheme with slight high computation costs but more security than other related schemes is presented.
Keywords: multi-factor; biometric; mutual authentication ; scheme; smart card; security; attack.