International Journal of Electronic Security and Digital Forensics (10 papers in press)
Identifying Artifact on Microsoft OneDrive Client to Support Android Forensics
by Gandeva Bayu Satrya, A.A. Nasrullah, Soo Young Shin
Abstract: Microsoft software is perhaps the most widely used around the world. As computing technology has evolved they have been at the cutting edge and have developed a number of ground breaking and useful applications. Microsoft OneDrive is one such application. OneDrive is a cloud storage service offering 7GB free storage to users. This technology can be misused and through it laws governing the cyber world violated. Current solutions to this are to perform digital forensics when cybercrime has occurred. This research used two different vendors of Android smartphones as experimentation objects. A model has been developed in this research, which provides instructions for digital mobile forensics analysis in finding artifacts related to the client's activities on OneDrive cloud storage application. These artifacts can be used as digital evidence by digital forensics investigators and the research increases the knowledge of cyberlaw practitioners.
Keywords: artifacts; cybercrime; cloud storage; digital forensics; Android forensics; OneDrive analysis.
Security awareness and the use of location based services, technologies and games
by Jacques Barnard, Magda Huisman, Gunther Drevin
Abstract: Rapid expansion and development in the modern mobile technology market has created an opportunity for the use of location-based technologies and games. Because of this fast expanding market and new technology, it is important to be aware of the implications this expansive technology could have on computer security. This paper will endeavour to measure the impact of location-based technologies and games on the security awareness of first- to fourth-year computer science university students. A questionnaire, posted on the web, and completed by computer science students from different year groups, was used to collect the data for this study. The major results of this study are the following: There is a difference in the security awareness of students who use and play location-based services, technologies and games and those who do not. This study also determined that the computer science students are cautious of security implications although they do not take preventative measures.
Keywords: Technology use; mobile location-based games; mobile location-based service; security awareness.
An Improved LSB Based RDH Technique with Better Reversibility
by Jayanta Mondal, Debabala Swain
Abstract: Lossless image recovery has significant importance in image transmission and security. In this aspect, lots of Reversible Data Hiding (RDH) techniques are available as literature. Still ample measures can be adhered to achieve better reversibility. This paper presents an improved reversible RDH technique to perform a quantitative study to evaluate the recovery of sent image without any distortion. In Reversible Data Hiding the original image has to go through the encryption and embedding process before transmitting to the receiver. In the proposed RDH technique a series of computations are done on the three LSB to embed secret bits in the encrypted image. Similarly the reverse computations are performed on the LSBs to extract the original image content from the decrypted image. Experimental analysis proves the achievement of the proposed technique through different parameters like, PSNR, SSIM etc.
Keywords: Reversible Data Hiding; LSB Based Encryption; Data Embedding; Lossless Recovery.
An Automobile Security Protocol: Side-channel Security against Timing and Relay Attacks
by Mohd Anuar Mat Isa
Abstract: Keyless Go, Automotive keyless systems (AKS), passive keyless entry and start (PKES) are names given to smart systems that allow a driver to unlock a car without pressing any key, and drive the car without inserting a smart key for starting or stopping the car engine. It is one of the debutant IoT applications in automotive sector. This work presents a 128-bit pairing security protocol (PSP 128 bits) lightweight cryptographic protocol as a security protocol authentication between owner and car. The PSP 128 security analysis in timing and relay attacks by an adversary will be discussed and its resilience proved using a theoretical security reduction method. The theoretical security reduction results are supported by findings from an experimental test bed using RaspberryPi board and radio frequency (RF) communication. Based on the experiment results, the PSP 128 can support up to 56 thousand authentication sessions between owner and car per typical usage. It is estimated that a standard automotive battery running the device can have a lifespan of up to 7 years with typical use.
Keywords: keyless; automotive; relay attack; side-channel attack; iot; lightweight; cryptography; rf security; raspberrypi.
A Proposal for curriculum development of educating and training Brazilian police officers in digital forensics investigation and cybercrime prosecution
by Ilane Cunha, Jefferson Cavalcante, Ahmed Patel
Abstract: The Internet and computer systems are infested by cybercrimes. Like any other crime, it needs investigations and analysis to prosecute the criminal. It is against this backdrop that it is important to have educated and trained staff not only to fight cybercrimes but to comprehensively investigate them objectively for the purpose of prosecution. This article presents a proposal for the curriculum development, education, training and certified qualification of Brazilian police officers for preparing them to be as knowledgeable, reliable, efficient and effective as possible. The proposal presents two types of training and qualification: police officers as first responders who are likely to encounter cybercrime activities and police officers as cybercrime investigators and analysts as highly skilled world class investigator specialists. To meet this target, the proposal, after presenting the background concepts and requirements, presents the syllabus and laboratory practical sessions for each level of training to evolve specialist investigators.
Keywords: Cybercrime training; cybercrime investigators; cybercrime prosecutors; computer and digital investigations; digital forensic; computer forensics; security; security threats; privacy; curriculum development; syllabus development; accreditation; qualification.
A review of Video Falsifying Techniques and Video Forgery Detection Techniques
by Mei Choo ANG, Manar A. Mizher, Ahmad A. Mazhar, Manal A. Mizher
Abstract: The term video attack has gained attention under the name video forgery. The simplest type of video forgery is copy-move tampering which can be detected by human eyes. The complex type of video forgery is video falsifying which is more professional than copy-move as highly improved techniques are needed to detect a falsified video. The difficulty of detecting a video falsifying attack arises from changing the semantic meaning of the original videos by creating fake videos; this can be conducted by editing, combining or generating a new video content. In this paper, several types of video falsifying techniques and video forgery detection techniques are studied and classified, challenges with existing forgery detection techniques are given, and a conclusion of recommended suggestions is presented. Recommendations focus on advanced forgeries such as object motion interpolation forgeries, and dynamic texture inpainting to increase the security against these types of tampering on key frames.
Keywords: video falsifying; forgery detection; spatio-temporal attacks; secure system; fingerprint framework; keyframes extraction.
An Investigation into the Forensic Implications of the Windows 10 Operating System: Recoverable Artefacts and Significant Changes from Windows 8.1
by Diana Hintea, Robert Bird, Michael Green
Abstract: With the release of Microsoft's latest operating system, Windows 10, forensic investigators must examine it in order to determine the changes implemented from Windows 8.1 and the addition of new artefacts. This study is an analysis of Windows 10 and its new features in order to distinguish these artefacts. The tools used include: VMware Fusion, FTK Imager, Process Monitor, Process Explorer, ESEDatabase View and Registry Explorer. The paper also determines if artefacts have changed in Windows 10 in comparison to the previous version of Windows, Windows 8.1. When comparing the two it was found that many of the pre-existing artefacts found within Windows 8.1 are still present in Windows 10. Slight differences are noted in the way Prefetch files are compressed and also the Thumbnail databases. Significant artefacts related to the new features in Windows 10 are also reported.
Keywords: Windows 10; Forensic Analysis; Digital Forensic Acquisition.
An Evidence Collection and Analysis of Windows Registry
by DINESH PATIL, Bandu Meshram
Abstract: The cyber crimes are committed internally or externally. The malwares and the remote access are the means of committing the cyber crimes externally, whereas the trusted insider in an organization causes industrial espionage internally. On the Windows System, the Registry is a source of evidence against the cyber criminal as it maintains the details of the activity on the system. The digital forensic investigation of the Windows Registry helps in collecting forensic information relevant to the case. The Registry maintains a very large amount of system and user related information. In order to gather the potential evidence about the malicious activities of the user, the forensic investigator is needed to search the entire Registry; resulting in the wastage of the time and the effort. This raises the need for an evidence collection and analysis methodology to identify, extract and analyze the evidence specifically related to the user activities on the system. After considering the existing research, this paper suggests a framework with the improved evidence collection and analysis methodology to aid in the process of Digital Forensic Investigation of Registry for identifying the potential malicious insider.
Keywords: Registry; Registry Key; Hives; Integrated Analysis; Timeline.
Embedding Digital Watermark in One-Dimensional Signals Using Wavelet & Schur Decomposition
by Arashdeep Kaur, Malay Kishore Dutta, K.M. Soni, Nidhi Taneja
Abstract: An efficient, robust and secure audio watermarking algorithm which can hide a large number of watermarking bits without perceptually affecting the quality of the audio signal is presented in this paper. The proposed algorithm has been designed using Schur decomposition of wavelet coefficients to achieve the optimal balance between conflicting design parameters of audio watermarking. Schur decomposition makes the proposed method significantly robust against challenging signal processing attacks and discrete wavelet transform gives a good opportunity for accommodating very high watermarking payload without affecting the perceptual quality. The choice of these two domains complement each other in addressing the contradictory design requirements of watermarking. Experimental results indicate that this algorithm is highly perceptually transparent and has excellent subjective audible quality at 480 bps embedding capacity. This algorithm has shown very good robustness to the challenging synchronization attacks like compression and various signal processing attacks at very high payload without affecting the audible quality of the signal. The computation time of the proposed algorithm is also found to be very low, making it suitable for real time applications.
Keywords: Audio Watermarking; Wavelet decomposition; Digital Watermark; High embedding rate; Schur decomposition.
Encryption Scheme Classification: A Deep Learning Approach
by Jonathan Pan
Abstract: Encryption has an important role in protecting cyber assets. However, use of weak encryption algorithms could render this intent useless as it could be exploited to gain unauthorized access to these important assets. This vulnerability may be exploited intentionally. Hence this vulnerability has been formally recognized with its own Common Vulnerabilities and Exposures (CVE) label by the cyber security community as the vulnerability to protect. When exploited, detecting this vulnerability from encrypted data is a very difficult task to undertake. This research explores the use of recent advancements in machine learning algorithms, specifically deep learning algorithms, to classify encryption schemes based on entropy measurements of encrypted data with no feature engineering. Past research work using various machine learning algorithms has failed to achieve good accuracy results in classification. The research entails applying encryption algorithms Data Encryption Standard (DES) and Advanced Encryption Standard (AES) with block cipher modes, namely Electronic Codebook (ECB) and Cipher Block Chaining (CBC), over the image dataset from CIFAR10. Two ImageNet winning Convolutional Neural Network deep learning models, namely AlexNet and GoogleNet, are used to perform the classification. Transfer learning and layer modification were applied to evaluate the classification effectiveness. This research concludes that deep learning algorithms can be used to perform such classification where other algorithms have failed.
Keywords: Encryption Classification; Deep Learning; Artificial Intelligence.