International Journal of Electronic Security and Digital Forensics (36 papers in press)
Implementation of RFID Mutual Authentication Protocol
by Sivasankaran Kumaravel, Ashik JOJI
Abstract: RFID (Radio Frequency Identification): The most flexible auto identification technology has a dereliction in its security. Over the years researchers have worked on the security issue of the long established commonly used Passive UHF RFID tags and have come up with some authentication protocols scorning its hardware implementation. Here a lightweight mutual authentication protocol is implemented in ASIC based on the EPC Class 1 Generation 2 framework released by EPC global, which is the widely used industrial standard for passive UHF RFID communication. We have proposed to incorporate ROM to store message signal, which shows significant reduction in area and power as compared to existing digital baseband architecture.
Keywords: EPC; security; RFID; LFSR; lightweight; authentication; VLSI; pierndecoder; fm0 encoder.
ArMTFr: A New Permutation-Based Image
by Hassan Elkamchouchi, Wessam Salama, Yasmine Abouelseoud
Abstract: In this paper, a new image encryption scheme
named (ArMTFr) is proposed. An image is encrypted using a
combination of keyed permutations and substitution, where a
fractal is XORed with the scrambled image. Fractal images are
employed in order to improve the performance of the encryption
scheme from the viewpoint of randomization and to increase the
encryption key space, thus boosting its security. The employed
permutations are the Arnold map and Mersenne-Twister's
permutation algorithm. Before the encryption process starts,
histogram equalization is used to enhance the contrast of the
image by transforming the intensity values in it, so that the
histogram of the output image approximately matches a uniform
histogram. First, grayscale images are considered and then the
basic algorithm is extended to handle colored images. Three
representations for colored images are considered: RGB, YCbCr
and HSI color spaces. The security of the algorithm is enhanced
in this case by applying RGB color channels multiplexing. The
experimental results show that the encrypted image has low
correlation coefficients among adjacent pixels and a good
histogram distribution, as well as resistance to various attacks.
Keywords: Correlation; Image Encryption; Histogram Equalization; Pixel Permutation; Arnold Map; Fractals.
Drone Forensics: Examination and Analysis
by Farkhund Iqbal, Benjamin Yankson, Babar Shah, Maryam Ahmed AlYammahi, Naeema Saeed AlMansoori, Suaad Mohammed Qayed, Thar Baker
Abstract: Unmanned Aerial Vehicles (UAVs), also known as drones, provides unique functionalities, which allows area surveillance, Inspection, surveying, unarmed cargo, armed attack machines, and aerial photography. Although drones have been around for sometimes, mass adoption of this technology is new. The technology is widely adopted in fields including law enforcement, cartography, agriculture, disaster monitoring, and science research. Due to vulnerabilities, and the lack of stringent security implementation, drones are susceptible to GPS spoofing attacks, integrity attacks and de-authentication attacks. These attacks which can allow criminals to access data, intercept the drone and, and use it commit a crime and complicate forensic investigation. The need for standardized drone forensics is imperative in order to help identify vulnerabilities in different models of drones, solve drone related crime, and enhance security; thwarting any anti-forensic measure by criminals. Thus, this paper is presented to report on potential attacks against the Parrot Bebop 2 drone, and the ability for an investigator to collect evidence about the attacks on the drone. This paper aims at examining the possibility of establishing ownership and collecting data to reconstruct events, linking the drone controller with the drone to prove ownership, flight origins and other potentially useful information necessary to identify the proprietor of a crime. In addition, we have also proposed a small-scale drone ontology for modeling drone context data, and simple forensic processing framework for small-scale drones.
Keywords: digital forensics; investigation; drone security; drone attack; context data; drone ontology.
IMPLEMENTATION OF THE PREDECI MODEL IN THE PROSECUTION OF CHIMBORAZO IN ECUADOR: A CASE STUDY EVALUATION.
by Fernando T. Molina Granja, Glen D. Rodriguez Rafael, Raul Marcelo Lozada Yanez, Edmundo Bolivar Cabezas Heredia
Abstract: The model to evaluate is a model for the preservation of digital evidence-based institutions of criminal investigations where it is essential to preserve evidence that has characteristics of the environment with the purpose of increasing the rate of admissibility of the evidence in court. This article aims to evaluate the model and its impact in terms of security, admissibility, and long-term preservation characteristics. We respond to the following research question: Does the model, implemented in an software application for a case study, raise the admissibility of digital evidence in court?. Thus, a software application is developed, the unit of study is defined, and the results are analyzed. The study determined that the model, when implemented properly and following the guidance of implementation of the model, raises the admissibility of digital evidence in court.
Keywords: PREDECI; assessment models; admissibility; digital evidence; guide implementation.
Combating credit card fraud with online behavioral targeting and device fingerprinting
by Othusitse Seth Dylan Phefo
Abstract: Billions of dollars are lost due to credit/debit card fraud every year. This trend has been going up despite the evolution of several fraud detection techniques that are applied to many business fields to try and stem the tide. Fraud detection involves, among other things, the monitoring of customers' credit card usage patterns in order to notice any changes that might reflect fraud and use such information to stop the transaction before any loss is realized, or to inform the customer of suspicious activity in their accounts. There are many existing fraud detection techniques employed by card issuers and researchers, but they seem not able to stem the tide. Online advertising companies employ a number of groundbreaking technologies to send targeted advertising to internet users among them Online Behavioral Targeting (OBT) and Device Fingerprinting (DF). These technologies are able to track and profile internet users up to the level of what device they are using and what they are most likely to purchase. In this paper we propose a novel Fraud detection framework that uses Online Behavioral Targeting (OBT) Data and Device Fingerprinting (DF) to improve the efficiency of an existing Fraud Detection System (i.e. the fusion approach using Dempster-Shafer theory and Bayesian learning). OBT and DF provide massive insights into our online behavior and can be used to pinpoint fraudsters as well as know shopping patterns of credit card users.
Keywords: Fraud Detection; Security; Information Security; Dempster-ShaferrnAdder; Behavioral Targeting.
Information Security Model using Data Embedding Technique for Enhancing Perceptibility and Robustness
by Sunil Moon
Abstract: Information concealing using steganography is simple but to maintain its security, perceptibility, robustness, embedding capacity and good recovery of both cover as well as secret data are the major issues. This paper is focused on the improvement in all these major issues. The proposed technique embedded the secret image and audio as secret data into the randomly selected frames of video using Multi Frame Exploiting Modification Direction (MFEMD) algorithm. Hence it is very difficult to understand in which part of video, data is hidden. At the receiver end we have used the forensic tool for authentication to improve data security. Our simulation results are found to be better than any other existing methods in terms of Peak Signal to Noise Ratio (PSNR), Mean Square Error (MSE), Correlation Factor (C.F), good visual recovery of both original video and secret data, hiding capacity of secret data, security of secret data. Different types of attacks are applied on stego video during transmission like visual, chi-square, histogram, etc. to improve the perceptibility and robustness of secret data.
Keywords: MFEMD; Audio Video Crypto-Steganography; Information security; CF; Attacks.
A Novel Median Filtering Forensics Based on Principal Component Analysis Network
by Xian Wang, Bing-Zhao Li
Abstract: As an important issue of forensic analysis, median filtering detection has drawn much attention in the decade. While several median filtering forensic methods have been proposed, they may face trouble when detecting median filtering on low-resolution or compressed images. In addition, the existing median filtering forensic methods mainly depend on the manually selected features, which makes these methods may not adapt to varieties of data. To solve these problems, convolution neural networks have been applied to learn features from the training database automatically. But the CNN-based method trains slowly and the parameters of it is hard to select. Thus, we proposed a PCANet-based method. And we test our trained model on several databases. The simulation shows that our proposed method achieves better performance, and trains much faster than CNN-based method.
Keywords: median filtering; blind forensics; principal component analysis; neural network.
A Novel Authentication Scheme for Anonymity and Digital Rights Management Based on Elliptic Curve Cryptography
by Cheng-Chi Lee, Chun-Ta Li, Zhi-Wei Chen, Shun-Der Chen, Yan-Ming Lai
Abstract: Due to the rapid development of computer science and associated technologies, various text documents, multimedia data, software and many other forms of contents are now created, stored, and processed digitally, and almost all traditional contents of special value such as paper documents, music or video tapes, and a lot more, if possible, have also been digitized and managed digitally. As the Internet makes data transmission easy and fast, digital contents of all kinds can be spread all over the world at a shocking speed. Along with such amazing swiftness and convenience, however, modern computer and communication technologies have also brought various kinds of issues associated with digital rights management. Digital rights management (DRM) systems are access control technologies used to restrict the use, modification, and distribution of proprietary hardware and copyrighted works. Now, in view of modern peoples heavy dependence on their mobile devices, we consider it a good idea to design a DRM scheme on the basis of elliptic curve cryptography (ECC) because ECC is a very good mobile device level security tool. In this paper, we shall review Amin et al.s 2016 scheme and point out some security weaknesses we have found. Then, with the security flaws mended, we shall propose an improved ECC-based protocol for DRM that is especially suitable for applications on mobile devices.
Keywords: Biometric; Digital rights management; ECC; Mobile device; User’s anonymity.
Malware Detection Model Based on Classifying System Calls and Code Attributes: A proof of Concept
by Malik Saleh
Abstract: The process of malware detection involves static code analysis and dynamic analysis. Both methods have limitations. This research tried to bridge the gap between the two methods by dynamically predicting the risk before the static analysis. The proof-of-concept examined the code of known malwares and concluded that five characteristics of the code will predict the risk of any executable file, namely, the system function, encryption, code obfuscation, stalling code, and checking for the debugger environment. The proof-of-concept validates the effectiveness of the model. It shows 96 percent success and limited false-positives results.
Keywords: Malware; Malware detection; System Calls; Classifying system calls; static analysis; dynamic analysis.
Evaluation of Smartphone Data using a Reference Architecture
by Heloise Pieterse, Martin Olivier, Renier Van Heerden
Abstract: The 21st century is continuously witnessing the growth and evolution of smartphone technology. Central to this evolution is the use of popular smartphone applications. The frequent use of smartphone applications by people for everyday activities allows for the creation and storage of large quantities of smartphone data. Smartphone data is susceptible to change and can be compromised by anti-forensic tools, malware or malicious users. It is, therefore, important to establish the authenticity of such data before forming any conclusions. The first step to establishing the authenticity of smartphone data is to acquire a better understanding of the expected behaviour of smartphone applications. This paper introduces a reference architecture for smartphone applications, which captures the architectural components and models the expected behaviour of smartphone applications. An experiment conducted to examine the smartphone data of Androids default messaging application indicates that the reference architecture can assist digital forensic professionals in identifying authentic smartphone data.
Keywords: Digital Forensics; Smartphone Forensics; Smartphones; Authenticity; Reference Architecture; Android; iOS; Applications.
A Road Map for Digital Forensics Research: A Novel Approach for Establishing the Design Science Research Process in Digital Forensics
by Reza Montasari, Victoria Carpenter, Richard Hill
Abstract: Compared to other well-established scientific fields such as Computer Science (CS) or Information Security (IS), Computer Forensics (CF) is still evolving as a new scientific field. As a result of such an evolution, CF still lacks standardisation in various aspects including, but not limited to, process models, datasets, procedures, techniques, as well as formal research methodologies. As a result, progress in the establishment of CF as a scientific field has been hindered. Such a lack of standardisation has prompted debates on the scientific credentials of CF. This paper aims to address one of such issues concerning the lack of standardisation, namely the absence of formal research methods in CF. Our paper has been motivated by the awareness that much of studies to date in CF has focused on the applied research at the expense of theoretical aspects such as formal research methodologies that are urgently needed to advance research in digital forensics. Therefore, this study adds to the body of knowledge by filling the gap that there does not currently exist a well-established research methodology in CF. To this end, we borrow a well-established research methodology from the domain of IS, namely Peffers et al.s (2006), adapt and extend it and make it relevant to research studies in CF. We will demonstrate how each phase of the DSRP can be applied to different stages of a CF research. This study sets a precedent for other researchers to identify, adapt, extend and apply other well-established research methods to studies in CF.
Keywords: computer forensics; design science research; research methodology; digital investigations; information system; digital forensics.
Comparison Analysis of Electricity Theft Detection Methods for Advanced Metering Infrastructure in Smart Grid
by Hamed Barzamini, Mona Ghassemian
Abstract: While smart grid technologies are deployed to help achieve improved grid reliability and efficiency, they are vulnerable to cyber-attacks which can result in billions of dollars loss for energy companies. The appropriate classification method selection to detect the electricity theft is under the influence of operational requirements and resource constraints in real scenarios. Since unsupervised methods have a high error rate, we investigate a new application based on a semi- supervised anomaly detection method which uses the principal component analysis (PCA) technique to detect the electricity theft. The performance of this method is compared with the peer-to-peer (P2P) method based on linear equations. The P2P method assumes that the electricity theft occurs in a particular situation. Our evaluations indicate that in the absence of this assumption, the P2P method detection system results in 100% false alarm. While the anomaly detection method using the PCA does not require any prior assumptions about the pattern of the electricity theft, it can retain its performance with a 4% false alarm rate. Our analysis shows an average of 45% improvement in the detection accuracy rate in comparison with the P2P method.
Keywords: smart grid; electricity theft; classification method; principal component analysis.
A Novel LSB Based RDH with Dual Embedding for Encrypted Images
by Debabala Swain, Jayanta Mondal, Devee D. Panda
Abstract: A novel reversible data hiding technique for encrypted images is proposed in this paper. Encryption helps to achieve privacy which is a necessity for sensitive imagery such as medical and military images. In encrypted domain data embedding capacity remains a big challenge. A dual embedding scheme is proposed to enhance the additional data hiding capability. The general architecture includes a content owner, a data hider, and a receiver. This scheme is subjected to work on 512
Keywords: Reversible data hiding; image encryption; least significant bit; dual embedding.
Fingerprint authentication based on fuzzy extractor in the mobile device
by Li Li, Siqin Zhou, Hang Tu
Abstract: Bio-cryptography is the combination of biometrics and cryptography that is a new security technology. For the fuzzy of fingerprint, fuzzy extractor that is a good model to protect the biometric data and can reliably extract almost the same random keys R from the closest input. however, many experiments about fuzzy extractors base on computer, we implement an application for fingerprint authentication in mobile devices based on the fuzzy extractor, the help data we need to store is in the capacity of the mobile extern storage. Unlike previous work, the construction of the input in secure sketch is very simple and uses ISO IEC 19794-2 standard minutia data. Most importantly, the scheme can be more secure to protect the biometric template.
Keywords: fingerprint authentication; fuzzy extractor; bch; android application.
Countermeasures for Timing-Based Side-Channel Attacks against Shared, Modern Computing Hardware
by Reza Montasari, Richard Hill, Amin Hosseinian-Far, Farshad Montaseri
Abstract: There are several vulnerabilities in computing systems hardware that can be exploited by attackers to carry out devastating Microarchitectural Timing-Based Side-Channel Attacks against these systems and as a result compromise the security of the users of such systems. By exploiting Microarchitectural resources, adversaries can potentially launch different variants of Timing Attacks, for instance, to leak sensitive information through timing. In view of these security threats against computing hardware, in a recent study, titled Are Timing-Based Side-Channel Attacks Feasible in Shared, Modern Computing Hardware?, currently undergoing the review process, we presented and analysed several such attacks. This extended study proceeds to build upon our recent study in question. To this end, we analyse the existing countermeasures against Timing Attacks and propose new strategies in dealing with such attacks.
Keywords: side channels; timing attacks; hardware attacks; channel attacks; digital investigations; countermeasures.
A SURVEY ON SECURITY ANALYSIS AND PRIVACY ISSUES OF WIRELESS MULTIMEDIA COMMUNICATION SYSTEM
by Akondi Vyasa Bharadwaja, V. Ganesan
Abstract: Wireless Multimedia Communication (WMC) is an emerging service that integrates voice, video, and data in the same service. The wireless handheld device used to provide multimedia communication such as PDA, Sensor, Mobile phones etc., are resource constrained and also need security protocol for successful multimedia communication between server and user. Many researchers are put their effort to develop secure cryptography algorithms and protocol to allow the user to access the data securely in telemedicine, surveillance system, and video on demand, digital cash, online shopping, digital content delivery and video conferencing technology. This paper focuses on security analysis of different encryption algorithm, secure architecture, encoding algorithm, authentication protocol and video encoding method. It also discuss about security multimedia challenges, characteristics, multimedia services, different attacks, software information and forecasts future perspectives of wireless multimedia technology.
Keywords: Security;Wireless multimedia communication;Elliptic Curve Cryptography;DNA Cryptographic algorithm;Privacy;Secure accumulation;Authentication.
Secure Gray Code Based Reversible Data Hiding Scheme in Radiographic Images
by Karthikeyan B, Venkata Keerthy S, Hariharan G
Abstract: Transmitting medical information through a network for the purpose of tele-diagnosis involves greater risk of losing confidentiality and integrity of the information being transmitted. This paper presents a scheme that ensures reversibility of the cover image and also makes it suitable for the field of telemedicine. The methodology uses cryptographic and the steganographic methods. The proposed work decreases the overhead by reducing the size of the auxiliary data to be embedded which is used to achieve the reversibility of the cover image. The proposed method also improves security of the data and enhances the image quality. The algorithm yields a Reversible Data Hiding (RDH) scheme based on Pixel Value Ordering (PVO). The methodology differs from other basic schemes as it uses Gray code instead of ordinary binary codes. It naturally suits for medical steganography as the carrier image can be reconstructed after extraction of the secret data and also the distortion caused due to embedding is very less. The method is also robust as one time pad cryptographic technique is used to generate the key.
Keywords: Reversible Data Hiding; Pixel Value Ordering; Medical Steganography; One time pad; Telemedicine.
Dealing with the Problem of Collection and Analysis of Electronic Evidence
by Jong Min Sin, Hye Ryon Son
Abstract: Today the Internet is being used in everybodys daily life thanks to rapid development of science and technology including information and communications technology. The cyberspace has also been used as a den for cybercriminals, whose recent number remarkably increases getting things worse and worse.
Cybercrime is technically distinguished from traditional one, which makes it very hard to investigate cybercrime. In particular, a number of technical and legal issues arising in the collection and analysis of digital evidence have great influence in cybercrime investigation. The paper explores general concept of electronic evidence, basic requirements for collecting and analysing digital evidence and general procedures and methodologies thereof.
Keywords: cybercrime; electronic evidence; digital evidence; collection; analysis; cybercrime investigation; Internet.
Biometric Data Security using Joint Encryption and Watermarking
by Garima Mehta, Malay Kishore Dutta, Pyung Soo Kim
Abstract: Confidentiality and content ownership are considered to be an important aspect of security applications and therefore a joint watermarking and encryption scheme is developed. This work addresses the issue of authenticity and integrity of watermark or ownership identification by embedding biometric iris template as a watermark in a fingerprint host image. The proposed approach is a two-step approach which includes encryption and watermarking. During the encryption, iris features are encrypted using combination of FRWT with Arnold cat map while watermark embedding is done by using dual DWT-SVD scheme to improve robustness and protection of biometric security systems. Experimental results demonstrate that the proposed joint encryption and watermarking introduces efficiency, security and robustness against image processing attacks.
Keywords: Biometric; Encryption; Watermarking; Fractional Wavelet Transform; Arnold Cat Map; Discrete Wavelet Transform; Singular Value Decomposition.
The Pseudo Metadata Concept For The Chain of Custody of Digital Evidence
by Yudi Prayudi, Ahmad Ashari, Tri Kuntoro Priyambodo
Abstract: The chain of custody is an important part of the investigation process which will guarantee the evidence is acceptable in the court. The handling of the chain of custody for digital evidence is a complex issue and more difficult than physical evidence. The main problem in the chain of custody of digital evidence is related to how to record and what should be documented the information of evidence in an investigative process. This paper proposed a solution through the concept of Chain of Custody Pseudo Metadata (C2PM). This concept will provide a mechanism for recording and documentation of digital evidence as well as mapping information that must exist for a chain of custody of digital evidence. The recording mechanism is performed after the acquisition and disk imaging of electronic evidence while mapping the information is done into two parts, static and dynamic information. There are 42 information fields divided into nine groups of information that has been built following the basic criteria of information needs chain of custody from various points of view. The grouping of this information will complement the information necessary for the management of digital evidence as well as ISO 27037: 2008. To support the interoperability of this system, the XML approach is used as the implementation of Chain of Custody Pseudo Metadata. This concept is expected to be an alternative solution for digital evidence handling and to provide solutions for information standards for a chain of custody of digital evidence.
Keywords: Chain of Custody; Digital Evidence; Metadata; Digital Forensics; XML. Acquisition; Disk Imaging.
A Cryptographic Data Hiding Algorithm with High Cover Text Capacity
by Muhammad Azeem, Jingsha He, Khurram Gulzar Rana, Faheem Akhtar
Abstract: Cryptography and Steganography are foremost techniques used to ensure security and confidentiality of secret information. In steganography, data hiding capacity with security is a great challenge for the researchers. In present scheme, a novel approach with combination of steganography and cryptography is proposed to achieve high data hiding capacity with greater security. To accomplish this goal, three level encryption is applied to hide secret message by using bit complement and bit right rotation. Different Unicode characters such as Zero Width Non-Joiner (ZWNJ), Zero Width Joiner (ZWJ) and Zero Width Character (ZWC), are used to conceal secret information into English cover text. To embed secret data into cover text, firstly, algorithm implements three level encryption on confidential data and then resulting binary is embedded into cover text by using Unicode characters. The results revealed that recently designed algorithm has higher data security due to light weight and efficient encryption mechanism along with 2-bit/char cover text capacity. Moreover, there is no overhead of secret key generation and exchange from source to destination. Projected technique is easy to implement, hard to break and reduces intruders attention.
Keywords: Information Control; Unicode; Cryptography; Bit Rotation; Cover Media; Text steganography;.
Superpixel-based Zernike Moments for Palm-print Recognition
by BILAL ATTALLAH, Serir Amina, Chahir Youssef, Abdelwahhab Boudjelal
Abstract: In the contemporary period, significant attention has been focused on the prospects of innovative personal recognition methods based on palm print biometrics. However, diminished local consistency and interference from noise are only some of the obstacles that hinder the most common methods of palm-print imaging such as the grey texture and other low-level of the palm. Nevertheless, the development of the process and tackling of the obstacles faced have a potential solution in the form of high-level characteristic imaging for palm-print identification. In this study, Zernike Moments are used for acquiring superpixel features that are spiral scanned images, which is an innovative recognition method. By using the extreme learning machine, the inter- and intra-similarities of the palm-print feature maps are determined. Our experiments yield good results with an accuracy rate of 97.52 and an equal error rate of 1.47 % on the palm-print PolyU database.
Keywords: palm-print recognition;image segmentation;feature extraction;ELM;image matching.
Security Methods and Approaches for Internal and External Network Hospital Information Systems with Single Sign-On (SSO)
by Kostas Kardaras, George Lambrou, Dimitrios Koutsouris
Abstract: Hospital Information Systems are vast and very complex, and include a variety of services. They have become a necessity nowadays, both due to the value added services they provide and to their penetration in the Healthcare Market. Yet, there is a variety of security issues that need to be met and overcome in order to build robust Hospital Information Systems. This paper suggests several security measures in order to enhance security of the sensitive medical data both in an intranet and an extranet environment, and to provide value-added services for efficient health information management. The authors propose an architecture that enables the integration of such security measures in a HIS, especially with the use of SSO, which can cover a wide range of applications.
Keywords: Hospital Intranet; Hospital Extranet; Single Sign On (SSO); Information Systems.
Using machine learning and the first digit law to detect forgeries in digital images
by Hieu Cuong Nguyen, Duc Thang Vo
Abstract: Digital image tampering is becoming popular and it might cause serious problems on different areas. Therefore, detection forgeries in digital images are urgent need. There are various forgery types, which can be exposed by different forensic techniques. In this paper, we propose a new detection scheme using the first-digit law (also known as Benfords law) in order to identify several types of image forgeries. We extract specific features, which are fed to a machine learning based classifier in order to distinguish original images and manipulated images. Through experiments, we found that the proposed scheme work well for detecting double JPEG compression and Gaussian noise addition. Copy-move is among the most popular types of image forgeries, where a part of an image is copied and pasted to another position of the same image. However, we show that, this manipulation does not affect the law. Experiments on a large-scale image dataset show that the proposed scheme is reliable and it can achieve detection rate up to 90% or higher.
Keywords: Image forensics; Benford’s law; SVM; double JPEG compression.
Cost-effective Provable Secure Cloud Storage Self-auditing Scheme for Big Data in WMSNs
by Xiaojun Zhang, Jie Zhao, Liming Mu
Abstract: Medical big data have recently received considerable attention in the modern medical systems, since they give great opportunities to mine new medical knowledge. In the wireless medical sensor networks (WMSNs), medical big data can be generated and processed everywhere at any time. With the rapid development of cloud computing, cloud-based WMSNs can provide more efficient processing of patients physiology parameters and support richer storage services. Meanwhile, the integrity of medical big data becomes significant, since medical big data will be employed to provide the medical diagnosis and other medical treatments. In this paper, we propose a cost-effective self-auditing scheme for cloud storage medical big data without pairings. In the proposed scheme, a patient can personally check the medical big data integrity effectively, without retrieving the entire medical big data, and thus dramatically reduces the communication overhead. Moreover, we extend the proposed scheme to a batch self-auditing scheme, such that a patient can efficiently perform self-auditing for multiple different medical big data files simultaneously. The performance comparison shows that the proposed scheme is much more light-weight, and more practical in WMSNs.
Keywords: Medical big data; wireless medical sensor networks; cloud computing; self-auditing.
Data hiding using adaptive LSB and PVD technique resisting PDH and RS analysis
by Aditya Kumar Sahu, Gandharba Swain
Abstract: This paper proposes an improved data hiding technique using the principle of least significant bit (LSB) substitution and pixel value differencing (PVD). It addresses two issues, (i) the error block problem (EBP), and (ii) the fall of boundary problem (FOBP). The image is divided into non-overlapping blocks of two consecutive pixels. The blocks are divided into 3 levels depending upon the pixel value difference. The level of the block and the pixel difference range decides the hiding capacity of a block. The proposed technique has been compared with related existing techniques in terms of parameters like peak signal to noise ratio (PSNR), quality index (Q), hiding capacity, bits per pixel (BPP), and the count of the blocks suffering from FOBP. The experimental results prove that the proposed technique offers better PSNR and hiding capacity as compared to the related existing techniques. Furthermore, the proposed technique is resistant to pixel difference histogram (PDH) analysis and RS analysis.
Keywords: Steganography; LSB Steganography; PVD steganography; PDH analysis; RS analysis.
A 3-Layer RDH Method in Encrypted Domain for Medical Information Security
by Debabala Swain, Jayanta Mondal
Abstract: Digitization of sensitive images demands a lossless security mechanism and a sophisticated privacy preservation technique. Sensitive imagery e.g. medical, forensic, military images etc., needs special care during transmission as a little distortion can lead to catastrophic diagnosis mistake. With immense advancements, popularity, and success of service-oriented architecture (SOA), providing safe and secure online medical facility is one hard challenge for both research community and the industry. This paper proposes a 3-layer embedding mechanism enabled reversible data hiding (RDH) scheme with additional electronic patient record (EPR) hiding technique for encrypted medical images. LSB modification and LSB substitution technique are used for the embedding and EPR hiding. The experiments carried out on the medical test images on three levels of embedding and the experimental results show great potential in terms of security, embedding capacity, and recovered image quality.
Keywords: Reversible Data Hiding; Least Significant Bit; Electronic Patient Record;Encryption; Data Embedding.
Application of Quality in Use Model to Assess The User Experience of Open Source Digital Forensics Tools
by Manar Abu Talib, Reem Alnanih, Adel Khelifi
Abstract: Open source digital forensics tools are playing an important role for law enforcement agencies, security company operations, forensics investigations and enterprise security teams. There is a strong need to assess these software tools using quality in use models to ensure that they meet users needs and are adaptable to the context in which they are being used. The existing literature does not satisfy the requirements of assessing the quality-in-use of these software tools.
In this paper, we adopt a standardized set of existing quality models and apply the quality-in-use measurement model in terms of five important characteristics, namely, effectiveness, productivity, efficiency, error safety, and cognitive load. We assess three of the most used open source digital forensics tools, namely Autopsy, DFF, and DART. The results of experiments have demonstrated that the performance of Autopsy, DFF, and DART is similar in terms of efficiency and productivity. However, DDF outperformed the other two slightly in effectiveness. Autopsy was the best in terms of error safety, and DART had the highest cognitive load. As a result, the open source digital forensics tools community may consider these findings in selecting the right solution in order to perform its duties properly.
The idea for this research paper is to initiate research activities that can ultimately lead to a clear and more simply applied set of quality requirements for the aforementioned tools. So, future research will involve conducting a more comprehensive study that will encompass additional aspects of software quality. In addition, a comparative study of open and closed source digital forensics programs using standardized software quality requirements should be considered. This will enhance testing efforts and increase the quality of this type of software.
Keywords: Quality Models; Open Source Software (OSS); digital forensics tools; Autopsy; DFF; DART; Quality-in-use Model; ISO/IEC 25010; Designing user interfaces.
Authenticate Audio Video-Crypto Invisible Watermarking Approach for Enhancing Hidden Information Security and Robustness
by Mahesh Gangarde
Abstract: Now a days for any type of watermarking techniques imperceptibility, robustness, embedding capacity, security of hidden watermark secret data and recovery of good visual quality of both covers as well as watermark secret data are the major issues. There is always a tradeoff between embedding capacity, robustness and imperceptibility, hence the suggested approach gives the perfect solution to all these major issues. To solve these issues the selected frame of video and the secret data as image and audio is divided into the number of parts and every part is mapped using APLM (Adaptive Pixel Location Mapping) algorithm to get watermarked video, hence the embedding capacity and security of hidden watermark secret data is increased. To increase the robustness and imperceptibility of the proposed system a number of attacks have applied on watermarked video during transmission. The proposed system also calculates the key security parameters like Peak Signal to Noise Ratio (PSNR), Mean Square Error (MSE), Histogram, Structural Similarity Index Module (SSIM), Cross Correlation Factor (CCF) and Bit Error Rate (BER) before watermarking, after watermarking and after recovering the secret data from watermarked video which are found to be identical, hence the proposed system is more resistive to any type of attack. Furthermore, the obtained simulation result shows that the suggested audio, video-crypto invisible watermarking approach is found to be better in terms of perceptibility, robustness, privacy, security and large embedding capacity and recovery of cover video and secret watermark data as compared to any existing techniques.
Keywords: Audio Video Watermarking; APLM; Perceptibility; Robustness; Watermark Information Security.
Attribute-based encryption supporting data filtration over post-quantum assumptions
by Chunhong Jiao, Xinyin Xiang
Abstract: As the internet becomes prevalent, plenty of sensitive data is being transferred in open networks environment. It is worth concerning how to achieve efficient data transfer in a privacy-preserving manner. Although attribute-based encryption (ABE) can achieve fine-grained access control over encrypted data, it still could not work for restricting unauthorised user to access. In this paper, we introduce a new cryptographic primitive called attribute-based encryption supporting data filtration (ABE-SDF), and formalise the security mode by incorporating the advantages into previous ABE. Finally, we present an efficient construction of the scheme over post-quantum assumptions our scheme is believed to be quantum-resistant owing to the special property of lattices. Based on the LWE assumption, we prove that the proposed scheme has the indistinguishability against selective chosen plaintext attacks and the authentication information security.
Keywords: attribute-based encryption; data filtration; LWE; post-quantum assumptions.
Video steganalysis to obstruct criminal activities for digital forensics: a survey
by Mukesh Dalal, Mamta Juneja
Abstract: Steganography is the method to hide information in a carrier whereas steganalysis is the procedure to discern the presence of the information hidden in a carrier. Steganography is used for secure communication however terrorists or criminals can also use steganography techniques for camouflage communications. On that account, the techniques for steganalysis are becoming more significant nowadays. The significance of steganalysis techniques that can precisely detect the existence of secret data in a video is increasing nowadays as there is evidence found that terrorist groups are using video steganography to communicate. Hence, for national security, it is required to gather adequate evidence of the existence of secret data embedded and interrupt the communication. This paper intends to present some of the evidences of the use of steganography by terrorists and criminals with a survey of existing video steganalysis techniques and also discuss some of the open challenges in this field.
Keywords: steganography; video steganalysis; spatial domain; transform domain; compression; motion vector; motion estimation; inter-frame prediction; intra-frame prediction; classifier; digital forensics.
A comparative forensic analysis of privacy enhanced web browsers and private browsing modes of common web browsers
by Ryan M. Gabet, Kathryn C. Seigfried-Spellar, Marcus K. Rogers
Abstract: Growing concerns regarding internet privacy has led to the development of enhanced privacy web browsers. The authors conducted a digital forensic examination, to determine the recoverable artefacts of three enhanced privacy web browsers (Dooble, Comodo Dragon and Epic) and three commonly used web browsers in anonymous browsing mode (Chrome, Edge and Firefox). In addition, the authors compared two digital forensic tools (FTK and Autopsy) commonly used by law enforcement to determine differences in recoverable browser artefacts. Results indicated the enhanced privacy browsers performed about the same as the common browsers in anonymous browsing mode. In addition, FTK was the better tool for recovering and viewing browser artefacts for both browser groups. Overall, this study did not produce sufficient evidence to conclude enhanced privacy browsers do indeed provide better privacy.
Keywords: privacy browsers; internet artefacts; digital forensics; forensic toolkit; FTK; anonymous.
Optimised elliptic curve digital signature on NIST compliant curves for authentication of MANET nodes
by Raj Kamal Kapur, Sunil Kumar Khatri, Lalit Mohan Patnaik
Abstract: Secure routing protocols for mobile ad hoc networks (MANETs) use digital signatures for authentication which increases computational and communication overheads. Elliptical curve digital signature (ECDSA) uses much shorter keys resulting in smaller signatures, lower computational load, less memory and power requirements which are crucial to MANET nodes. The ECDSA has a characteristic that the signature generation is very fast but signature verification takes much longer time. Optimisation of point operations and scalar multiplication of points have been proposed for accelerating the signature generation and verification process. The proposed method has been software implemented by writing the code in Java using Big-integer class on a Linux platform for National Institute of Standards and Technology (NIST) compliant curves and has accelerated the signature verification process of ECDSA by approximately 27% over the sequential mixed Jacobian-Affine NAF scalar multiplication method of verification.
Keywords: elliptical curve digital signature; ECDSA; elliptic curve; mobile ad hoc network; MANET; digital signature; node authentication; secure routing protocol.
A new diffusion and substitution based cryptosystem for securing medical image applications
by L. Mancy, S. Maria Celestin Vigila
Abstract: Due to the rising privilege for tele-health facilities have sophisticated responsiveness in the usage of medicinal image safeguard proficiency. It mainly compact with patient records that are secretive and must only available to legal person. So the medical image safety becomes a very significant problem, when patient evidence is conveyed through the public network. In this paper, a secret key of 128-bits size is generated by an image histogram. Initially, the photo sensitive feature of digital imaging and communications in medicine image is decomposed by the mixing process. The resulting image is distributed in key reliant blocks and further, these blocks are passed through key reliant diffusion and substitution processes. A total of five rounds are used in the encryption method. Finally the generated secret key is embedded within the encrypted image in the process of steganography. This also enhances the security of proposed cipher. At the receiver side the secret key was recovered from the embedded image and decryption operation was performed in inverse format. Performance analysis designates that the proposed cipher is more secure.
Keywords: diffusion; substitution; histogram; encryption; steganography.
Energy deviation measure: a technique for digital image forensics
by Surbhi Gupta, Neeraj Mohan, Parvinder Singh Sandhu
Abstract: Digital image forgery and its forensics have emerged as a significant research domain. Digital forensics is required to examine the questioned images and classify them as authentic or tampered. This paper aims at image tamper detection using a novel energy deviation measure (EDM). The EDM is a measure of deviation in pixel intensity with respect to its immediate and distant neighbourhood. It is extracted by measuring the inter pixel intensity difference across and inside the DCT block boundary of a JPEG image. Features from EDM have been used for the classification of the authentic and tampered images. Support vector machine is used for image classification. The experimental results have shown that the proposed method performs better with fewer dimensions as compared to other state of the art methods. It gives improved accuracy and area under curve while classifying images. It is robust to noise and JPEG image compression quality factor.
Keywords: energy deviation measure; EDM; image tampering; copy move forgery; image splicing; image forensics; compression artefacts.
A new scheme of preserving user privacy for location-based service
by Xiaojuan Chen, Huiwen Deng
Abstract: Individual privacy has been a great concern to users who need the location-based service by networked devices such as smart phones and personal computers. Usually, the provider who can provide a location-based service is regarded as semi-trusted or honest-but-curious. It leads to tremendous harmfulness for users who request this service because the dishonest service provider leaks the users' personal information. To preserve user privacy, we propose a scheme which achieves user privacy information including location, identity, and domain, while the user can still obtain the required service from a service provider. For the sake of less computational time and minimal computer power, only symmetric key cryptography is employed in our system. This scheme is secured by our security analysis, and is feasible through our imitating implementation. Compared with related schemes, our scheme can provide sufficient property to meet our requirements.
Keywords: preserving privacy; security; confidentiality; location-based service; symmetric encryption.