International Journal of Electronic Security and Digital Forensics (23 papers in press)
Network Forensics Investigation: Behaviour Analysis of Distinct Operating Systems to Detect and Identify the Host in IPv6 Network
by Abdullah Ayub Khan, Syed Asif Ali
Abstract: This paper studies the behaviour analysis of distinct operating systems for the purpose of forensics investigation in the IPv6 network and ensures the detection as well as identification of the network host. The network forensics parameters help to capture, filter, analyse, and information reporting about the computer-based incidents and activities of cybercrime. IPv6 supports tackling the complication of traffic in a network environment, such as dual-stack, tunnel, and translation. This research sheds light on the IPv6 network, assesses the automatic and manual transition in order to characterise network behaviour. This paper proposes a flexible and automated method architecture to analyse operating systems behaviour by observing the system function calls, performing network investigation by using PCAP file analysis can help to detect and identify the host, sessions, and open ports in the virtual environment. Through the experimental result on the network traffic, PCAP files dataset of the University of New Haven, the proposed model can archive identify network host in IPv6 network with high accuracy rate, the result shows the robustness of the NetworkMiner in terms of behaviour analysis with efficacy as compared to other state-of-the-art schemes.
Keywords: digital forensic; network forensics; behaviour analysis of distinct operating systems; IPv6 networks; host identification; PCAP file analysis; NetworkMiner.
Improving the Asymmetric Encryption Algorithm Based on Genetic Algorithm, Application in Online Information Transmission
by Le Dinh SON, Tran Van AN, Nguyen Ngoc THUY
Abstract: Within the paper scope, the authors propose to improve two solutions of information security: First, improving the asymmetric key encryption based on genetic algorithm (GA); second, building architecture of stratified information transmission system with intermediate information transmission layer. The method of survey and analysis are applied with scientific publications related to asymmetric encryption and genetic algorithms. Applying genetic algorithm to improve asymmetric encryption algorithm and intermediate information transmission layer used in the building of information transmission system in order to further enhance the security. Empirical evaluation of the effectiveness of the proposed solutions. Application of proposed solutions in actual system in use. Improved asymmetric encryption algorithm based on genetic algorithm; applied the above algorithm in building a stratified information transmission system with intermediate information layer. Main conclusion: The improvement of information security solutions has further reinforced the security and ensured the processing speed as well as prospectively applied in practice.
Keywords: genetic algorithm; information security; asymmetric encryption; information transmission.
Low Complexity Cybersecurity Architecture For the Development of ITS in Smart Cities
by Nawal Alsaffar, Wael M. El-Medany, Hayat Ali
Abstract: The application of intelligent transportation system (ITS) within smart cities is an emerging technology that requires the access to a network, and might be exposed to cyberattacks, which may affect the privacy of users and drivers. One of the most important private information is the vehicle location, which may lead to physical attacks. Therefore, a security technique should be applied to secure the vehicles user data and location. Adding hardware security to the tracking device will increase the hardware complexity to internet of things (IoT) sensor, which has a limited area. This paper proposed a low complexity cybersecurity architecture to protect user privacy and sensitive information. The implemented design has been synthesized and simulated, and results have been discussed and verified for selecting the best techniques of data protection and less design complexity. The hardware implementation can be reconfigured for different cipher keys and different size of cipher text.
Keywords: internet of things; cybersecurity; threats mitigation; industrial internet of things; intelligent transportation system; ITS.
Digital Watermarking of Compressed Videos Using Larger Dimension 2D Error Correcting Codes for Higher Embedding Capacity
by Anjana Rodrigues, Archana Bhise
Abstract: This paper proposes a novel method of digital watermarking of MPEG videos using 2-dimensional error-correcting codes (2D ECC). The motion vectors of the video to be protected are used as the cover. Hence, this method is versatile and can be used to watermark videos of multiple formats such as MPEG-1, MPEG-2, MPEG-4 (AVC/H.264) and even the latest format HEVC/H.265. An error-correcting code of dimension 15X15 is constructed and used to embed the watermark into select motion vectors at the encoder and to retrieve the watermark at the decoder. The use of 2D ECC facilitates embedding of multiple bits of the watermark in various patterns inside the cover, thus improving imperceptibility. The results obtained on sample videos show a high embedding capacity of 8 bits/pixel and 245 bits/codeword, while still maintaining a PSNR greater than 40 dB, as compared to the existing 4 bits/pixel of other methods.
Keywords: 2D error correcting codes; digital watermarking; video watermarking; MPEG videos; copyright protection; motion vectors.
A Self-Embedding Fragile Watermarking using Spatial Domain for Tamper Detection and Recovery in Digital Images
by MONALISA SWAIN, Debabala Swain
Abstract: With the rapid growth of digital communication and multimedia data sharing over internet, the unauthorised access and tampering of the multimedia contents are increasing. In order to maintain the security and integrity of the communicated images, the tamper detection and recover processes are highly essential. Considering the above issues, a new self-embedding fragile watermarking scheme in spatial domain is proposed with enhanced tamper recovering capability. In the proposed process, the cover image is divided into non-overlapping blocks size 2 × 2. The image authentication and recovery can be performed using the six MSB of each pixel in the watermarked image. Due to spatial domain, each block is mapped into another block using a positive integer key value. The proposed technique is experimented against the number of tampered images with different rates of tampering. The test results evidence the novelty and efficiency, through the PSNR and SSIM parameters of the recovered image.
Keywords: self-embedding; fragile watermarking; tamper detection; image recovery; spatial domain; block mapping; least significant bit; LSB.
Volatile Memory Forensics Of Privacy Aware Operating Systems
by Nilay Mistry, Sampada Kanitkar, S.O. Junare
Abstract: Along with the use of the internet, awareness regarding the privacy of the user data is also increasing slowly and gradually but at a comparatively slower rate than that of cybercrime. At present in the market, there are many such operating systems available that are secured and leave the minimum number of traces which makes it difficult to retrieve or obtain any kind of data from that system after carrying out the forensics of that machine. In this research, acquisition, and analysis of random access memory (RAM), of such secured operating systems, is performed and potential artefacts related to the activities are identified, that the operating systems leave in the memory of the system which can be further submitted in the court of law as an evidence in case of a crime being committed using such security providing technology.
Keywords: privacy-aware operating systems; volatile memory forensics; volatile memory analysis; digital forensics; cybercrime; privacy; anonymity.
Network and Hypervisor-Based Attacks in Cloud Computing Environments
by Reza Montasari, Stuart Macdonald, Amin Hosseinian-Far, Fiona Carroll, Alireza Daneshkhah
Abstract: Cloud computing (CC) has become one of the most transformative computing technologies and a key business avenue, following in the footsteps of mainframes, minicomputers, personal computers, the World Wide Web and smartphones. Its vital features have considerably reduced IT costs, contributing to its rapid adoption by businesses and governments worldwide. Despite the many technological and economic benefits that CC offers, at the same time, it poses complex security threats resulting from the use of virtualisation technology. Compromising the security of any component in the cloud virtual infrastructure will negatively affect the security of other elements and so impact the overall system security. Therefore, to create a practical understanding of such threats, this paper provides an analysis of common and underexplored network- and hypervisor-based attacks against CC systems from a technical viewpoint.
Keywords: cyber security; threat intelligence; artificial intelligence; machine learning; cyber physical systems; digital forensics; big data.
Security and Privacy of Adolescents in Social Applications and Networks: Legal Practice of Developing Countries
by Ahmad Ghandour, Viktor Shestak, Konstantin Sokolovskiy
Abstract: The article aims to study the developed countries' experience on the legal regulation of cyberbullying among adolescents, to identify existing shortcomings in the developing countries' laws, and to develop recommendations for improving the regulatory framework. To do this, the authors have studied the state regulatory practice of the UK, USA, Canada, Malaysia, South Africa and Turkey and analysed the statistics of 2018 on the manifestation of cyberbullying among adolescents in these countries. It turns out that in the countries under review there is either no separate. The percentage of cyber aggression cases among adolescents in developing countries is higher than in developed countries. For example, in South Africa, it is 85%, and in Canada 33%. The results of this study can encourage countries to create separate cyberbullying legislation if they do not have it yet and periodically review and modify already existing legislation.
Keywords: adolescent protection; cyberbullying; depression; regulations; social networks; suicide.
Cybercrime in social media of Bangladesh: an analysis of existing legal frameworks
by Kudrat-E Khuda Babu, Md. Abu Bakar Siddik
Abstract: Unprecedented and rapid expansion of ICT has become a common platform for prospective criminals intending to commit crimes in a non-traditional manner. These new-age crimes are popularly known as cybercrimes in the form of stalking, hacking, cyber obscenity, cyber theft, breach of confidentiality, etc. The rampant growth of IT has pushed the legislators of developing countries like Bangladesh into various challenges and difficulties in moulding new legal regimes to govern the virtual world from multiple types of cyber problems. Now cybercrime in social media is in a state of flux, which not only demands adequate tools to combat this but also requires terminological clarification of particular conduct as cybercrime or not. This paper tries to portray different types of cybercrimes in cyberspace especially in social media and to analyse existing laws to face contemporary challenges through data analysis of collected samples of specific areas to foresee ingenious minds of potential cyber.
Keywords: Bangladesh; cybercrime; information technology; legal framework; online; social media.
Digital Forensics and Cyber Forensics Investigation: Security Challenges, Limitations, Open Issues, and Future Direction
by Abdullah Ayub Khan, Aftab Ahmed Shaikh, Asif Ali Laghari, Mazhar Ali Dootio, M. Malook Rind, Shafique Ahmed Awan
Abstract: Digital forensics (DF) is the scientific investigation of digital criminal activities, illegal attempts, and cyber-attacks through computer systems. It is becoming a crucial aspect of law enforcement agencies, court law, and business farms to identify, preserve, examine, and analyse digital evidence using valid techniques for eventual demonstration of evidence that help to take further action. This review paper, exploring the methodology and framework of forensics investigation, is the impact of forgery on evidence, highlighting a list of popular investigation tools with features, applications, research challenges, limitations, and open research areas on digital forensics.
Keywords: digital forensics; computer forensics; scientific investigation; digital crime; forgery investigation; cybersecurity; information security; malicious attacks.
myEntropy: A File Type Identification Tool Using Entropy Scoring
by Tay Xin Hui, Kamaruddin Malik Mohamad, NURUL HIDAYAH A.B. RAHMAN
Abstract: myEntropy is an entropy calculator tool that is designed as a proof of concept to obtain the file entropy scoring for file type identification to facilitate digital investigations in file type-based attacks. myEntropy tool is developed by employing the entropy technique to obtain the entropy scoring for three types of file: SQL files, SWF files and JAVA files. Thus, entropy analysis experiments were undertaken using the benchmark datasets with a total of 250 files for each file type. The obtained file entropy values are then analysed to acquire the average entropy values and the entropy range. The results show that SWF files present a highly compressible file, JAVA files possess a higher probability to be compressed and SQL files present a higher probability for a given file to be compressed. These results would be beneficial to investigators to quickly limit their focus on information units based on the specific target.
Keywords: digital forensics; entropy; entropy scoring; file type identification; FTI.
Legal Aspects of Law Enforcement Operative-Investigative Activity in Special Conditions in Kazakhstan
by Dauren T. Akhmetov, Gulnara M. Rysmagambetova
Abstract: The relevance of the study is explained by the need for timely identification of signs of illegal activity and prevention of it, which is an indicator of the effectiveness of the work of law enforcement agencies. The aim of this article is to investigate the problematic issues of the current legislation of Kazakhstan, which regulates the scope of law enforcement operative-investigative activity in relation to special conditions arising from mass violations of public order. The methodology of the research is based on the application of the following scientific methods: the structural-systematic, analytical, comparative and the method of transition from a general concept to a particular one. The results of study indicate that it is necessary to expand the capabilities of the law enforcement bodies of Kazakhstan in the implementation of operative-investigative activity according to special procedure that allows solving such issues.
Keywords: intelligence; surveillance and reconnaissance operations; destructive activity; social emergencies.
Legal Framework for External Security of the Republic of Kazakhstan
by Ainur A. Kassymzhanova, Gulnara R. Usseinova, Dina M. Baimakhanova, Alua S. Ibrayeva, Nurlan S. Ibrayev
Abstract: The purpose of the study is to show the crux of the legal framework of the Republic of Kazakhstan in external security. The paper presents the main aspects of international legal treaties, documents, and agreements to ensure the external national interests of the Republic of Kazakhstan, which facilitate coordinated cooperation with other states. The main methods of the study include research, as well as a thorough analysis of laws and regulations. Comparison of the legislative framework of Kazakhstan with the laws of the USA and Russia makes it possible to identify the most practical component used in ensuring the external security of these states. As a result, imperfections and peculiar conflicts in the laws of Kazakhstan and Russia were revealed. Thus, the fundamental laws concerning external and national security require certain improvements and changes, in particular, the addition of new concepts in external security.
Keywords: national security; government bodies; foreign policy environment; external national interests; threats; international organisations; public services.
Hybrid Turbo Code for Information Security and Reliability
by Vidya Sawant, Archana Bhise
Abstract: Wireless communication channels are highly vulnerable to security attacks and channel noise. Most wireless communication systems deploy Advanced Encryption Standard (AES) and Turbo code for security and reliability. However, the sequential process of encryption and encoding increases the resources, computational cost and reduces the overall error correction performance. A Hybrid Turbo Code (HTC) for encryption and error correction is proposed. The HTC deploys a proposed Weierstrass Elliptic Curve Interleaver (WECI) for random shuffling of the input bits. The difficulty of solving the elliptic curve discrete logarithm makes the WECI cryptographically strong. The simulation results of HTC depict a bit error rate of almost 103.8 at a signal-to-noise ratio of 2 dB similar to the conventional turbo code. Moreover, it provides security and reliability to the transmitted data at a reduced computational cost and memory as compared to the conventional system using Advanced Encryption Standard (AES) followed by turbo code.
Keywords: computational complexity; encryption; elliptic curve arithmetic; hybrid turbo code; HTC; Weierstrass elliptic curve interleaver; WECI.
A Survey and Analysis of Different Lightweight Block Cipher Techniques for Resource Constrained Devices
by G.C. Madhu, Vijayakumar Perumal
Abstract: Many smart applications are equipped with resource constrained devices which are characterised by small computational power, limited battery power and memory. Lightweight ciphers have become a popular choice for providing security for these devices. This work is aimed to evaluate the performance and security of three lightweight ciphers called Anu, LiCi and Present. The performance of the ciphers is reported in terms of throughput. Data compression techniques are applied to improve the speed and throughput of the encryption. The efficacy of the ciphers in defending statistical attacks and differential attacks is assessed with the help of statistical and sensitivity tests. Our results proved that LiCi outperforms Anu and Present in many aspects.
Keywords: resource constrained devices; lightweight ciphers; performance; statistical test and sensitivity test.
Implementation of High Speed and Lightweight Symmetric Key Encryption algorithm Based Authentication Protocol for Resource-Constrained Devices
by Rajashree R, Vijayakumar Peroumal, Lalit Kishore, Venkata Diwakar Reddy K, Srujan Reddy, Jagannath M
Abstract: Encryption and decryption is accomplished by means of software or hardware, has been in continuous usage since the 2000s for data encryption using any communication medium. A modern authentication algorithm is introduced based on the AES algorithmic program and SHA algorithms to encrypt information for encrypted communication with improved security features. SHA shall be applied at the same time as the AES mechanism for secrecy, reliability and honesty checks. The core concept of algorithmic application is to achieve a high degree of data protection by integrating SHA and AES algorithmic programs in software and hardware. Both transmitter and receiver sections are included in the proposed model to safely send and receive data. It's been developed using Xilinx ISE 14.2, so that the parameters of the proposed algorithmic program can be compared with various different FPGAs and then further comparison of parameters along with DES algorithm may lead to satisfactory results.
Keywords: advanced encryption standard; AES; data encryption standard; DES; symmetric key cryptography; block ciphers; secure hash algorithm; field programmable gate array; FPGA; authentication.
The role of financial investigations in combating money laundering
by Roza M. Zhamiyeva, Gulmira B. Sultanbekova, Maral T. Abzalbekova, Bakytzhan A. Zhakupov, Murat G. Kozhanov
Abstract: The purpose of the study is to outline the role of financial investigations in money laundering. The leading research method is analysis, with the help of which the authors identified the main factors that help in the fight against money laundering and improving the effectiveness of financial investigations. The legal framework for the regulation of electronic finance and visual cases of financial fraud are analysed. Having analysed the international experience in regulating electronic finance, it was revealed what weaknesses are present in the legislative framework of Kazakhstan in this matter. The paper presents recommendations to improve the effectiveness of the fight against money laundering and determines the significance of financial investigations in solving this issue. The findings of the study can become a theoretical guide for the development of structures involved in financial investigations.
Keywords: financial fraud; electronic payments; virtual currencies; investigation of financial crimes; digital money.
The role and problems of legal culture in the social security of the population of the Republic of Kazakhstan
by Erkinbek K. Nurtazin, Aizhan Kozhaknmetova, Kalbike A. Sultankulova, Baktygul K. Ilyasova, Galym B. Teleuyev
Abstract: The issue of the establishment and development of legal culture in society is always very relevant not only in legal science but also in such sciences as philosophy, sociology, political science, legal psychology, etc. The purpose of this article is to study the scientific aspects of legal culture in the process of social security of the population. The leading methods of the study are systematisation and the analysis of existing theoretical data regarding this problem. These methods allowed to research complexly and variously legal culture in the social security of the citizens of the Republic of Kazakhstan. The concept and characteristics of legal culture were researched. It was concluded that the Kazakhstan society should direct all its intellectual potential and moral foundations to ensure and protect the institutions of civil society on the path towards a democratic state.
Keywords: democratic state; civil society; legal reforms; human values; Kazakhstan.
Provably secure authentication approach for data security in the cloud using hashing, encryption, and Chebyshev-based authentication
by Danish Ahamad, Md Mobin Akhtar, Shabi Alam Hameed, Mahmoud Mohammad Mahmoud Al Qerom
Abstract: Secure and efficient authentication mechanism becomes a major concern in cloud computing due to the data sharing among cloud servers and users through the internet. This paper proposed an efficient hashing, encryption, and Chebyshev (HEC)-based authentication in order to provide security among data communication. With the formal and informal security analysis, it has been demonstrated that the proposed HEC-based authentication approach provides data security more efficiently in the cloud. The proposed approach amplifies the security issues and ensures the privacy and data security to the cloud user. Moreover, the proposed HEC-based authentication approach makes the system more robust and secured and has been verified with multiple scenarios. However, the proposed authentication approach requires less computational time and memory than the existing authentication techniques. The performance revealed by the proposed HEC-based authentication approach is measured in terms of computation time and memory as 26 ms, and 1,878 bytes for 100 Kb data size, respectively.
Keywords: cloud computing; authentication; data security; access control; data privacy; hashing, encryption, and Chebyshev; HEC.
Reversible selective embedding for DICOM image security and integrity using visual cryptography
by Bijay Kumar Paikaray, Debabala Swain, Sujata Chakravarty
Abstract: Information security has been one of the biggest challenges in the era of telemedicine applications. To protect the patient's private records in medical images, several traditional methods are used. One of them is hiding the sensitive part of the image by embedding a different message into it. The data embedding can be done using methods like reversible data hiding (RDH) or reversible watermarking in the region of interest (ROI) of the original medical images. For ensuring the authenticity and integrity of the received medical image, an innovative data embedding technique is proposed in this paper. The proposed technique chooses selective blocks from the ROI based on the smoothness function and the region of non-interest (RONI) is embedded into ROI using some reversible operations. The proposed technique is an application of visual cryptography where the embedded region cannot be visually detected by an attacker. The experimental results prove the reversibility and the efficiency of the proposed approach.
Keywords: reversible embedding; selective; region of interest; ROI; region of non-interest; RONI; DICOM; visual cryptography.
The upgrade of security of automated process control systems
by Valery A. Konyavsky, Gennady V. Ross, Artem M. Sychev, Viktor N. Kvasnitsky, Tamara B. Zhuravleva
Abstract: The article is devoted to the main problems of protecting the network interaction of critical information infrastructures and the lines of solving the ones. An approach is formulated that allows one to combine the positive aspects of different ways of solving this task without combining their negative aspects: adaptation of CDSS to the features of technical facilities by dividing its hardware base into functional and interface parts. The technical solution based on the formulated approach, its key characteristics and indicators are described. The security of the technical solution provided by the application of the New Harvard Architecture and the resident security component is grounded. The prerequisites of applying the implementations of the described solution in various fields of industry, business, energy, in the transport and social fields are formulated.
Keywords: technological information; microcomputer; hardware data protection; smart energy system; internet of things.
Methods for forgery detection in digital forensics
by Punam Sunil Raskar, Sanjeevani Kiran Shah
Abstract: The information present in the footage/video clip is one of the solid evidence of the event at the incidents. Therefore, visual media crime-scene investigation has risen as a crucial research field, which fundamentally promotes techniques to deal with forgeries in forensic videos. This paper takes a reader to simplify the understanding of the existing work and provides a profound study of the prevailing literature in the field of digital forgeries. The retrospective analysis helps to reconnoiter the work done to date by categorising the forgery detection techniques in four different domains. The first aspect of the paper is useful for people working on detecting copy-move attacks (CMA). The second domain scrutinises the tamper detection work based on motion estimation techniques. The third facet puts forward the details about forgery detection based on optical flow principle and the fourth section helps researchers to recognise current forensic developments in compressed videos.
Keywords: compression; copy-move attacks; CMA; digital forensics; forgery detection; motion estimation; optical-flow; video forensics.
Smart card authentication model based on elliptic curve cryptography in IoT networks
by A. Shakeela Joy, R. Ravi
Abstract: In this research, an effective smartcard authentication model is developed in the internet of things (IoT) network based on elliptic curve cryptography (ECC). The proposed smart card authentication method has four phases, such as user registration phase, login phase, mutual authentication phase, and password update phase. Initially, the user accesses the real-time information from the sensing node by registering at the gateway node. During the login phase, the smart card is used by the user to login into the system with the supplied. In the mutual authentication phase, a session key is established between the accessed sensing node and the user through the gateway node. Finally, at the password update phase, the legitimate user updates the password without involving the gateway node. The proposed ECC-based authentication scheme is analysed using the metrics, such as detection rate, delay, and throughput for varying number of rounds.
Keywords: internet of things; IoT; communication; encryption; public key infrastructure; PKI; environment; session key; gateway node.