International Journal of Electronic Security and Digital Forensics (11 papers in press)

Regular Issues

• Efficient hierarchical identity-based signatures from lattices  
  by Miaomiao Tian 
  Abstract: Lattice-based hierarchical identity-based signature (HIBS) schemes are receiving significant attention due to provable security reductions and potential security for quantum computers. However, most of the existing HIBS schemes based on lattices are less efficient for practical applications. To make lattice-based HIBS schemes become more practical, this paper presents an efficient HIBS scheme from lattices. Both the secret key size and the signature length of our proposal are much shorter than those of other lattice-based HIBS proposals. Our scheme is proven to be strongly unforgeable against adaptive identity attacks in the random oracle model. The security of the construction relies on the standard short integer solution (SIS) assumption.
  Keywords: Identity-based cryptography; Digital signature; Lattices; Efficient.
   
• RF Authenticated Reconfiguration based Access Control Protection Scheme for SRAM-Based FPGA IP Cores  
  by Laavanya Sridhar, Lakshmi Prabha 
  Abstract: The constantly growing demand for ready to use design components, also known as Intellectual Property (IP) cores, has created a very lucrative and flourishing market which is very likely to continue its current path not only into the near future. With increase in use of Field Programmable Gate Arrays (FPGAs) in production designs, and with growth of System on FPGA (SOF) applications, the security of FPGA IP cores cannot be taken for granted anymore. In this paper, we have proposed a novel wireless based IP core infringement preventive approach for Intellectual Property Protection (IPP) of Static Random Access Memory (SRAM) based FPGA IP cores. The proposed scheme exploits reconfiguration aspect of SRAM-based FPGA and incorporates special tag bypass features for increase suitability of proposed scheme as an IPP technique for reconfigurable IP cores. The results derived from testing of hardware prototype used for evaluation of proposed scheme are quite encouraging.
  Keywords: SRAM; static random access memory; FPGAs; field programmable gate arrays; IPP; intellectual property protection; reconfiguration; access control; tag bypass feature; bitstream encryption; RFID; radio frequency identification; decryption key transmission.
   
• A New Elliptic Curve Cryptosystem for Securing Sensitive Data Applications  
  by Maria Celestin Vigila S, Muneeswaran K 
  Abstract: Enhancing security is the main intention for public key cryptosystems on the basis of the hardness of the obstinate computational problems. In this paper, the ASCII value depiction of the text message is mapped into a point on Elliptic Curve and this initiates a few order of complexity yet before the message is encrypted. Next the process of encryption/decryption of a mapped Elliptic Curve point is illustrated by enhancing security using Comparative Linear Congruential Generator and then subjecting it to the knapsack algorithm. These steps introduce scrupulous confusion and diffusion to smash any attempt at brute force attacks. This paper also discusses the security aspects of the proposed cryptosystem which is secure against all kinds of attacks.
  Keywords: Elliptic Curve Cryptography (ECC); Discrete Logarithm; Nonce; Comparative Linear Congruential Generator (CLCG); Knapsack Algorithm.
   
• A robust zero-watermarking scheme using Canny edge detector  
  by Mahsa Shakeri, Mansour Jamzad 
  Abstract: By expansion of digital multimedia and networking technology, the problem of ownership protection has become increasingly important. Digital watermarking is an efficient way for copyright protection of digital images. Traditional watermarking techniques degrade the quality of host image by embedding a watermark logo. Facing this problem, a new watermarking approach called zero-watermarking has been proposed. In zero-watermarking methods, the watermark does not require to be embedded into the protected image but it uses both the watermark and the protected image to generate a verification map which is registered to a trusted authority for further protection. In this paper we propose a robust zero-watermarking method which uses Canny edge detection and morphological dilation. Experimental results demonstrate that our proposed scheme is robust against common geometric and non geometric attacks including blurring, JPEG compression, noise addition, sharpening, scaling, rotation, and cropping. In addition, our experimental results show that our method could outperform the most recent related methods in most cases.
  Keywords: Zero-watermarking; copyright protection; trusted authority; verification map; Canny; dilation
   
• Biometric Encryption using Enhanced Finger Print Image and Elliptic Curve  
  by Mary Sagayee 
  Abstract: The greatest strength of biometrics is that it does not change over time. But at the same time while using it directly for enhancing the security in network system, if that data has been compromised, its compromised forever. Therefore, cancellable biometrics will increase the privacy which means that the true biometrics are never stored or revealed to the authentication server. Biometrics, cryptography and data hiding will provide good perspectives for information security. Most of the researchers confirmed that the finger print is widely used than the iris or face and more over it is the primary choice for most privacy concerned applications. Also many mathematicians proved that Elliptic Curve is the best solution for Cryptography. For finger prints applications, choosing proper sensor is at risk. The proposed work deals about, how the image quality can be improved by introducing image fusion technique at sensor levels. The results of the images after introducing the decision rule based image fusion technique are evaluated and analyzed with its entropy levels and root mean square error. Then the resultant enhanced image is used for extracting the key for ECC applications.
  Keywords: Finger Print Image, Wavelet Neural Network, Image Fusion, Entropy, RMSE, Cryptography, ECC, Prime Field.
   
• New admissibility regime for expert evidence: the likely impact on digital forensics  
  by Carlisle George, Oriola Sallavaci 
  Abstract: The Law Commission in England and Wales has proposed a reform of the admissibility regime for expert evidence in criminal trials in England and Wales. The proposed reform builds on the US approach to admissibility of expert evidence, and establishes a multi-stage statutory test for admissibility to be applied by trial judges, aided by a set of guidelines. This paper discusses the main aspects of the proposed reform with a view to discussing how they may impact on digital forensics experts giving opinion evidence in criminal trials.
  Keywords: Law Commission; expert evidence; digital forensics, criminal trial, admissibility
   
• Procedural aspects of the new regime for the admissibility of expert evidence: what the digital forensic expert needs to know  
  by Carlisle George, Oriola Sallavaci 
  Abstract: This paper reviews some aspects of the proposed reform on the admissibility of the expert evidence in criminal trials. The review focuses on the impact such reform will have on several procedural aspects of the criminal trial such as the role of trial judge, burden of proof for evidential reliability, power of the court to disapply the reliability test and the engagement of court appointed experts. The paper concludes that some of the procedural aspects bring new difficulties that may not be easily solved. Also that the digital forensics community may have a new opportunity to pay an integral part in aiding the legal profession in light of the requirements of the new regime.
  Keywords: Law Commission; expert evidence; burden of proof; court appointed experts.
   

Special Issue on: "CYfor-12 Cybercrime Prevention, Detection and Response"

• The Inverse CSI Effect: Further Evidence from E-crime Data  
  by Richard Overill 
  Abstract: Analysis of incidence and impact trends mined from recent computer crime survey data has yielded circumstantial evidence in support of the previously proposed concept of the Inverse CSI Effect, operating in the cyber-crime domain. The implications of this finding for digital forensics and e-crime investigations are discussed.
  Keywords: CSI effect; digital forensics; cyber-crime.
   
• Detecting Malicious Behaviour Using Supervised Learning Algorithms of the Function Calls  
  by Mamoun Alazab, Sitalakshmi Venkatraman 
  Abstract: This paper describes our research in evaluating the use of supervised data mining algorithms for an effective detection of zero-day malware. Our aim is to design the tasks of certain popular types of supervised data mining algorithms for zero-day malware detection and compare their performance in terms of accuracy and efficiency. In this context, we propose and evaluate a novel method of employing such data mining techniques based on the frequency of Windows function calls. Our experimental investigations using large data sets to train the classifiers with a design tool to compare the performance of various data mining algorithms. Analysis of the results suggests the advantages of one data mining algorithm over the other for malware detection. Overall, data mining algorithms are employed with true positive rate as high as 98.5%, and low false positive rate of less than 0.025, indicating good applicability and future enhancements for detecting unknown and infected files with embedded stealthy malcode.
  Keywords: Malicious Software (Malware), Cybercrime, obfuscation, Function Calls, Intrusion Detection, Data Mining.
   
• Automatic Forensic Log File Analysis for MAC OS X Systems  
  by Zeki Turedi, Liangxiu Han 
  Abstract: Mac OS X based systems are gaining growing popularity. Yet forensics on this type of systems is still in its infancy and traditional forensic tools dont work well with it. Currently, most examinations for Mac OS X systems are done manually by experts. It is costly and time consuming, especially for those examination tasks involved with large amount of data, such as forensic examination of log files. It is critical to develop new techniques and tools for facilitating Mac OS X based forensic examination. To address this issue, we have first proposed and developed an automatic log file analyser, which can automatically carve forensic artifacts from multiple log files for facilitating forensic analysis on Mac OS X systems. The experimental evaluation shows our tool can handle large size of data effectively, which enables investigators to analyse log files in a time manner.
  Keywords: Cyber Security; Digital Forensics; Mac OS X; Log Files.
   
• SQL injection attacks with the AMPA suite  
  by Simone Cecchini, Diane Gan 
  Abstract: The suite of tools presented here was developed to exploit the lack of sanitisation found in user inputs that reached a target database and sometimes even the server. The focus for the design of the tools was BLIND SQL injection, the verbosity of the attack and the possibility to inject a webshell which enabled Meterpreter to open a reverse connection. The tools demonstrate how dangerous SQL Injection can be, specifically on the AMP platforms. The method of reporting and the ease of use meant that the AMPA suite was a good set of tools for professional penetration testers, who may also require flexibility and customisation from open source software. An attack using the suite will be presented and the results discussed.
  Keywords: PHP, MySQL, Apache, SQL, SQL Injection Attack through a Proxy, BLIND SQL Injection, UNION Select attack, PHP shell, AMP platforms, SQLInjector, SQLInstillator, AMPAnasia, Meterpreter reverse shell, LAMP security