International Journal of Electronic Security and Digital Forensics (16 papers in press)
Forward secure certificateless proxy multi-signature scheme
by Ronghai Gao
Abstract: In order to deal with the key exposure problem, we introduce the forward secure technique into the certificateless proxy multi-signature scheme, and give the formal definition and security model of forward secure certificateless proxy multi-signature. Furthermore, we present a construction of a forward secure certificateless proxy multi-signature scheme. Based on the difficulty of the computational Diffie-Hellman problem, the proposed scheme is existentially unforgeable against adaptively chosen-message attacks and chosen-warrant attacks in the random oracle model. The proposed scheme does not use bilinear pairings in the key update and proxy signature generation phases, and updating the proxy key is easy, thus it is more suitable for mobile environments. Our scheme effectively deals with the key exposure problem and the certificate management problem.
Keywords: certificateless cryptography; proxy signature; proxy multi-signature; forward secure; computational Diffie-Hellman problem.
Possible Attempts to Identify E-mail Header of the Sender for Academic Qualification Fraud
by Nathaporn Utakrit, Pongpisit Wuttidittachotti
Abstract: Education is the core of a country's development. A good education can increase a person's chances of having a good job, consistent pay raises, and a stable life; without a degree, it will be more challenging to have these things. A diploma mill arises when a person without a degree wants to get a better job and earn a more substantial salary. Buying and selling degrees over e-mail is one way to avoid detection. This research aims to contribute to forensic counteractive measures that can identify and track the people who use e-mail for data sharing. This examination focused on the sender's e-mail, which could be used as a part of juridical significance in criminal justice. This research adopted the e-mail forensic process to acquire, extract, analyse, and interpret data. The authors conducted an empirical analysis of the experimental e-mail headers using forensic tools and a manual approach based on the Request for Comments (RFCs) as the primary guidelines. The scope excluded the analysis of e-mail contents and attachments. The study found that the commercial tool extracted headers less often than the free alternatives. All sending channels could identify the sender's identification. E-mail sent from desktops provided the computer name and ISP of the sender. However, typical and anonymous e-mails can only be traced back to the original mail servers. Although tools can provide investigators with ease and convenience, data acquisition and validation need to be done manually. Digital forensic experts must utilise their strong forensic analytical and investigative skills to formulate and present results and conclusions in a format that can be easily understood. This research is not an ad hoc mechanism, but it can be implemented in other criminal investigations or related endeavours.
Keywords: E-mail message header; e-mail forensics; anonymous e-mail; typical e-mails; diploma mills; Request for Comments.
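The abstract's manual trace-back through the e-mail header (Received fields read in RFC 5321 order, with anonymous or webmail senders stopping at the submitting mail server) is illustrated by the following Python, which is an added example and not code from the paper. The message, hostnames and addresses are constructed for the example (documentation IP ranges); the linking rule, that the "by" host of one trace field should reappear as the "from" host of the field an MTA prepended above it, is the check an investigator applies by hand when validating tool output.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed message (not a real capture): a webmail submission relayed through two MTAs.
# Hosts and addresses use documentation ranges and do not refer to real systems.
SAMPLE = """Received: from mx2.example.org (mx2.example.org [203.0.113.10])
\tby inbound.example.net (Postfix) with ESMTPS id 4Fz1qK; Tue, 5 Mar 2024 10:15:22 +0000
Received: from webmail.example.org (webmail.example.org [203.0.113.25])
\tby mx2.example.org (Postfix) with ESMTP id 1A2b3C; Tue, 5 Mar 2024 10:15:20 +0000
Received: from [192.0.2.77] (dsl-77.isp.example [192.0.2.77])
\tby webmail.example.org (Postfix) with ESMTPSA id 9XyZ; Tue, 5 Mar 2024 10:15:18 +0000
Message-ID: <abc123@webmail.example.org>
From: "Registrar" <degrees@example.org>
To: applicant@example.net
Subject: Your diploma
Date: Tue, 5 Mar 2024 10:15:17 +0000

Body omitted.
"""

# Same message, but the bottom trace field was written by the sender and does not link upward.
FORGED = SAMPLE.replace(
    "from [192.0.2.77] (dsl-77.isp.example [192.0.2.77])\n\tby webmail.example.org",
    "from mail.registrar.example (mail.registrar.example [198.51.100.9])\n\tby relay.bogus.example",
)

_RECEIVED = re.compile(
    r"from\s+(?P<from>\S+)(?:\s+\((?P<comment>[^)]*)\))?\s+by\s+(?P<by>\S+)", re.IGNORECASE
)
_IPV4 = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})")


def parse_received(value):
    """Split one RFC 5321 'Received:' trace field into from-host, by-host, client IP and timestamp."""
    flat = re.sub(r"\s+", " ", value).strip()          # unfold the header
    m = _RECEIVED.search(flat)
    if not m:
        return None
    comment = m.group("comment") or ""
    ip = _IPV4.search(comment) or _IPV4.search(m.group("from"))
    ts = None
    if ";" in flat:                                      # the date follows the last ';'
        try:
            ts = parsedate_to_datetime(flat.rsplit(";", 1)[1].strip())
        except (TypeError, ValueError):
            ts = None
    return {"from": m.group("from").strip("[]"), "by": m.group("by"),
            "ip": ip.group(1) if ip else None, "timestamp": ts}


def trace_chain(raw_message):
    """Return the hops in chronological order (origin first). Each MTA prepends its
    Received field, so the header order on the wire is newest-first."""
    msg = message_from_string(raw_message)
    hops = [parse_received(v) for v in msg.get_all("Received", [])]
    return [h for h in reversed(hops) if h]


def chain_breaks(hops):
    """Adjacent hops whose 'by'/'from' hosts do not link, or whose timestamps run backwards."""
    breaks = []
    for earlier, later in zip(hops, hops[1:]):
        if earlier["by"].lower() != later["from"].lower():
            breaks.append(f"{earlier['by']} -> {later['from']}")
        if earlier["timestamp"] and later["timestamp"] and later["timestamp"] < earlier["timestamp"]:
            breaks.append(f"time reversal at {later['by']}")
    return breaks


def trusted_origin(hops):
    """Walk from the receiving MTA backwards and stop at the first hop that does not link to
    the one above it: everything below that point was written by an untrusted party, so the
    best-supported origin is the last hop still inside the linked chain."""
    trusted = hops[-1]
    for later, earlier in zip(reversed(hops), reversed(hops[:-1])):
        if earlier["by"].lower() != later["from"].lower():
            break
        trusted = earlier
    return trusted


if __name__ == "__main__":
    for label, raw in (("genuine", SAMPLE), ("forged", FORGED)):
        hops = trace_chain(raw)
        print(label, "breaks:", chain_breaks(hops), "origin:", trusted_origin(hops)["ip"])
```

For the genuine message the chain links all the way down and the origin is the submitting client's ISP address; for the forged one the walk stops at the webmail server, which is exactly the "only traceable to the original mail server" outcome the abstract reports for anonymous senders. A client address in a private (RFC 1918) range, or a hop whose "from" host and bracketed address disagree, is a further cue to stop trusting the lower fields.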
Forensic Analysis and Data Recovery from Water-Submerged Hard Drives
by Alicia Francois, Alastair Nisbet
Abstract: In many digital forensic investigations, a common location to recover files as evidence of wrongdoing is a computer hard drive. Hard drives have increased greatly in storage capacity since their introduction in computers in the 1950s, making them a rich source of evidence for the forensic investigator. This awareness may also lead to the destruction of hard drives or entire computers by throwing them into water in an attempt to prevent recovery of data. This research looks at solid state drives alongside platter hard drives, and in particular at the time water takes to enter the drive once it is submerged. Experiments show that once water has entered the drive, various components will be affected by the water and the drive will become inoperable. A guide for forensic investigators is constructed indicating the likely time available to recover the drive before water ingress occurs, the various parts of the drive that may be damaged, and whether repair or replacement of those parts is possible.
Keywords: Forensics; Security; Hard Drive; Water Damage.
Mobile Phone Forensics
by Manish Kumar
Abstract: Collection and analysis of digital evidence from mobile phones plays a vital role in solving many civil and criminal cases. Digital forensics experts need specialised tools and techniques to extract the evidence from mobile phones for analysis. Extracting the evidence from mobile phones in a forensically sound manner has never been an easy task, as the entire process must ensure the integrity of the evidence and its admissibility in a court of law. There are various tools and techniques available for mobile forensics, which are classified based on their complexity and their physical characteristics. The forensics examiner needs to assess the complexity of the case and select the tools accordingly. This paper discusses in detail the systematic approaches that can be used for mobile forensics. Each approach has its own advantages, disadvantages, cost and complexities, which are highlighted in the paper along with a list of standard tools and their key features.
Keywords: Mobile Forensics; Digital Forensics; Electronic Evidence; Non-Destructive Method; Semi-Destructive Method; Destructive Method; JTAG; Chip-Off.
Cyber Legislation and Cyber-Related Legal Issues in Bangladesh: Inadequacies and Challenges
by Kudrat-E Khuda, Md. Ahsan Ullah
Abstract: Technology has inevitably evolved, driving significant human progress in every sphere of life. Amid this technological development, laws and regulations have been enacted to control offences relating to global advances in technology, including in Bangladesh. The Bangladesh government has taken many initiatives to make the country digital. But in Bangladesh, the cyber-related laws are full of shortcomings, the customary laws are extremely outdated, and most of the laws do not fit the era of ICT. Although the Bangladesh government passed the ICT Act and the Digital Security Act to control cyber-crime, the country's existing laws for fighting the menace are inadequate due to certain limitations. The article examines contemporary cyber legislation and legal issues in Bangladesh, together with the customary laws and existing policies, with a view to identifying their inadequacies and challenges. This article makes use of secondary data, i.e., books, journals, customary laws, Acts, etc.
Keywords: Cyber Legislation; Cyber-crime; Cyber-security; Globalization; Bangladesh.
An Efficient Technique to Detect Slow Rate DDoS Attack from Private Tor Network
by Yogita Mane, Uday Pandit Khot
Abstract: A botnet (roBOT NETwork) is a collection of insecure computers connected via the internet. All the activities of the insecure computers are controlled by a BotMaster. Lately, the BotMaster has moved his activities to the Tor browser, because the secured Tor network makes the detection of a botnet more difficult. The purpose of this paper is to identify Tor-based bots. Because the Tor browser is highly secure, and because doing practical experiments on the live network is not advisable as it raises ethical issues that could affect the performance and functionality of Tor, in the proposed system a private Tor network (PTN) on physical machines under LAN infrastructure with dedicated resources was created. The paper shows the detection and deactivation of the Tor's Hammer bot. For detection, the delta time (ΔT) is calculated and a threshold value is set. For normal traffic it is at least 100 ms, and for attack traffic it is less than or equal to 10 ms. The TPr (true positive rate) is 86.79% and the FNr (false negative rate) is 13.21%.
Keywords: Tor Network; Botnet; Botmaster; Slow Rate DDoS Attack; Private Tor Network; Tor's Hammer; Delta time.
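The delta-time rule from the abstract (normal traffic spaced at 100 ms or more, attack traffic at 10 ms or less) and the TPr/FNr figures it reports are illustrated by the following Python, an added example rather than the paper's own detector. The packet log is constructed, the client labels are invented for the example, and the use of the median per client (so that one long pause cannot hide a stream of short deltas) and the "suspicious" band between the two bounds are this example's own choices.

```python
from collections import defaultdict
from statistics import median

# Constructed arrival log from the exit side of a private Tor network: (seconds, client id).
# Not a real capture. c1/c3 browse normally; c2/c4 drip requests like a slow-rate tool;
# c5 has too few packets to judge; c6 sends at a rate between the two bounds.
PACKETS = [
    (0.000, "c1"), (0.130, "c1"), (0.275, "c1"), (0.410, "c1"), (0.600, "c1"),
    (0.000, "c2"), (0.004, "c2"), (0.009, "c2"), (0.013, "c2"), (0.019, "c2"), (0.024, "c2"),
    (0.050, "c3"), (0.160, "c3"), (0.290, "c3"), (0.420, "c3"),
    (0.010, "c4"), (0.018, "c4"), (0.027, "c4"), (0.035, "c4"), (0.120, "c4"), (0.128, "c4"),
    (0.000, "c5"), (0.500, "c5"),
    (0.000, "c6"), (0.050, "c6"), (0.100, "c6"), (0.150, "c6"), (0.200, "c6"),
]
# Invented ground truth used only to compute the detection rates below.
GROUND_TRUTH = {"c1": "normal", "c2": "attack", "c3": "normal",
                "c4": "attack", "c5": "normal", "c6": "attack"}

ATTACK_MS = 10.0     # abstract's attack bound: delta <= 10 ms
NORMAL_MS = 100.0    # abstract's normal bound: delta >= 100 ms
MIN_PACKETS = 4      # fewer packets give no stable delta estimate


def inter_arrival_ms(packets):
    """Group packets by client and return each client's inter-arrival deltas in milliseconds."""
    times = defaultdict(list)
    for t, client in packets:
        times[client].append(t)
    deltas = {}
    for client, ts in times.items():
        ts.sort()
        deltas[client] = [(b - a) * 1000.0 for a, b in zip(ts, ts[1:])]
    return deltas


def classify(packets, attack_ms=ATTACK_MS, normal_ms=NORMAL_MS, min_packets=MIN_PACKETS):
    """Label each client from the median delta. The median, not the mean, is used so that a
    single long gap (c4 pauses 85 ms once) cannot mask a stream of 8 ms deltas."""
    verdicts = {}
    for client, deltas in inter_arrival_ms(packets).items():
        if len(deltas) + 1 < min_packets:
            verdicts[client] = "insufficient"
            continue
        m = median(deltas)
        if m <= attack_ms:
            verdicts[client] = "attack"
        elif m >= normal_ms:
            verdicts[client] = "normal"
        else:
            verdicts[client] = "suspicious"   # between the bounds: needs a second signal
    return verdicts


def detection_rates(verdicts, ground_truth):
    """True-positive and false-negative rates over the clients labelled as attackers."""
    attackers = [c for c, label in ground_truth.items() if label == "attack"]
    tp = sum(1 for c in attackers if verdicts.get(c) == "attack")
    return {"TPr": tp / len(attackers), "FNr": (len(attackers) - tp) / len(attackers)}


if __name__ == "__main__":
    verdicts = classify(PACKETS)
    print(verdicts)
    print(detection_rates(verdicts, GROUND_TRUTH))
```

In the constructed log c6 is an attacker pacing itself at 50 ms, above the 10 ms bound, so it lands in the "suspicious" band and counts as a false negative: the same failure mode behind any non-zero FNr for a fixed-threshold detector, and the reason a second feature (request size, connection lifetime) is usually paired with the delta time.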
Drone Forensics: Investigative Guide for Law Enforcement Agencies
by Nilay Mistry, Hitesh Sanghvi
Abstract: Today technology takes humankind to the next level, where unmanned vehicles participate in day-to-day activities. Technologies such as autopilot vehicles, autopilot cars and autopilot aircraft can very easily be operated by remote control. Technology comes with its own pros and cons. Among such technologies, the drone, a flying object with a remote command and control facility, is known as a UAV (Unmanned Aerial Vehicle). Most drones work on Remotely Piloted Aerial Systems (RPAS) technology. Drones were earlier used for purposes such as photography, delivering items from one place to another, and transportation. But sophisticated criminals and state actors use this technology in different ways, such as spying, bombing and shooting. Law enforcement faces major challenges in coping with and investigating such incidents using the drones found at crime scenes.
Keywords: Drone; UAV (Unmanned Aerial Vehicle); Forensic; Investigation; Tracking; Embedded system forensics; Remotely Piloted Aerial Systems (RPAS) technology.
Digital Forensics in private Seafile Cloud Storage from both client and server side
by Asgarali Bouyer, Mojtaba Zirak
Abstract: Recently, many open source cloud computing software packages have been created to address the needs of users who want free cloud storage. Seafile is one of these popular and newly developed open source packages. Privacy and security of stored data is a main challenge for cloud users. With the increased use of established cloud services by cloud software, it is possible for malicious users to use these services for criminal purposes, so digital forensic investigations of these cloud services are necessary. In this paper, we document a series of digital forensic experiments on the Seafile cloud storage service, with the aim of assisting forensic researchers and practitioners on both the client and server sides of Seafile. In this research, different circumstances are created for digital forensic examination, such as when the user uses anti-digital-forensic tools to delete files. Also, the Seafile client software and browsers are used for interaction with the server.
Keywords: Cloud computing; digital forensics; Seafile; cloud forensics; open source cloud storage.
Splicing Forgery Localisation using Colour Illumination Inconsistencies
by PNRL Chandra Sekhar, T.N. Shankar
Abstract: In the digital imaging era, people deliberately distort images or videos for fun or to mislead others. Image splicing is one method of manipulation, copying a region from one photograph and pasting it into another. Typically, those two photographs were captured in different environments from various image sources. In this paper, we propose a simple statistics-based, learning-free approach to reveal this type of splicing forgery using illumination inconsistencies, under the assumption that the original images have uniform illumination. The image is first segmented into irregular objects as superpixels, and the colour illumination is estimated for each superpixel using a greyness index in rg-chromaticity space. For each pair of superpixels, the dissimilarity is then estimated. A Superpixel Region Growing algorithm is proposed to automatically extract all the tampered superpixels and localise the spliced region without human involvement. The experimental results show that the proposed method localises splicing forgery more effectively than the state of the art.
Keywords: Image forensics; splicing forgery detection; Localisation; colour illumination estimation; region growing.
IoT Cybersecurity Threats Mitigation Via An Integrated Technical and Non-Technical Solutions
by Hazim Al-Sibai, Theyab Alrubaie, Wael M. El-Medany
Abstract: Recent years have seen the rapid development and deployment of the IoT (Internet of Things). Despite the effectiveness and efficiency brought about by this technology, there are numerous challenges in terms of security. Based on the scale and diversity of connected applications, new and critical threats to security and privacy have emerged. As the number of connected devices grows every day, so does the number of security threats and vulnerabilities posed to these devices. The IIoT (Industrial Internet of Things) is concerned with making industrial environments more connected and thus smarter. However, this transformation comes with a huge number of threats that should be addressed. The primary goal of this research paper is to provide a technical solution as well as a holistic approach (framework) to security concerns. This will be supported by a number of non-technical factors to build a resilient cybersecurity model to effectively and efficiently mitigate cybersecurity threats.
Keywords: IoT; IIoT; Cybersecurity; Risks; Cyber-threats; Solutions.
A new colour image encryption approach using a combination of two 1D chaotic maps
by Djamel Herbadji, Nadir Derouiche, Aissa Belmeguenai, Nedal Tahat, Selma Boumerdassi
Abstract: In this paper, we propose an improved chaotic map by coupling two existing maps. Numerical tests show that the proposed map presents complex behaviour and a wider chaotic range than its seed maps. A new colour image encryption approach using the enhanced chaotic map is then suggested. The proposed scheme is based on the conventional confusion-diffusion structure and contains a new permutation process, which is designed to randomly scramble neighbouring pixels. The performance and the quality measurement of the proposed scheme are analysed by comparing it with some existing research.
Keywords: image encryption; security; chaotic map.
Risk assessment of smart grids under cyber-physical attacks using Bayesian networks
by Anas AlMajali, Yatin Wadhawan, Mahmood S. Saadeh, Laith Shalalfeh, Clifford Neuman
Abstract: Different technologies are used to manage the integration of smart devices with the conventional power grid. This new integration allows more control and monitoring capabilities for stakeholders and customers. However, it also makes the smart grid susceptible to new classes of cyber-physical threats that have to be analysed, evaluated and mitigated. In this paper, we evaluate the risk of manipulating circuit breakers that connect a power generator to the smart grid. Our main contribution is performing risk assessment of the grid by combining the vulnerabilities of its cyber domain and the transient stability analysis of its physical domain. First, we estimate the probability of compromising the energy control centre (ECC) using a Bayesian network. The ECC can be exploited to manipulate circuit breakers. Second, we analyse the impact of manipulating circuit breakers in the IEEE 39-bus test system. Third, the probability of compromise and its impact are combined to quantify risk. Finally, we analyse the effect of integrating photovoltaic (PV) systems on the stability of the smart grid under the same attack scenarios. The results indicate that integrating smart grids with PV systems can improve resilience even if a cyber-attack succeeds.
Keywords: smart grid; photovoltaic system; cyber-physical attack; risk; resilience.
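The three steps the abstract describes (a Bayesian network giving the probability that the energy control centre is compromised, an impact figure from the physical-domain stability analysis, and their product as risk) are illustrated by the following Python, which is an added example and not the paper's model. The network structure, the conditional probability tables and the per-scenario impact values are all constructed for the example; the only reusable parts are the exact-inference routine, which works on any small binary network written in the same dictionary form, and the risk combination.

```python
from itertools import product

# Constructed toy network (not the paper's): binary nodes listed parents-first, each with a CPT
# mapping a tuple of parent values to P(node = True | parents).
BN = {
    "Phish":   {"parents": [], "cpt": {(): 0.30}},                     # operator falls for phishing
    "VPNFlaw": {"parents": [], "cpt": {(): 0.10}},                     # exploitable flaw on remote access
    "WS":      {"parents": ["Phish"], "cpt": {(True,): 0.60, (False,): 0.02}},   # workstation compromised
    "ECC":     {"parents": ["WS", "VPNFlaw"],                           # control centre compromised
               "cpt": {(True, True): 0.90, (True, False): 0.50,
                       (False, True): 0.40, (False, False): 0.01}},
}

# Constructed impact scores in [0, 1] for the breaker-manipulation scenario, standing in for a
# transient-stability result (e.g. share of generators losing synchronism) with and without PV.
IMPACT = {"no_pv": 0.80, "with_pv": 0.50}


def joint_assignments(bn):
    """Enumerate every assignment of the binary nodes with its joint probability.
    Exponential in the number of nodes: fine for a handful, not for large networks."""
    names = list(bn)
    for values in product([True, False], repeat=len(names)):
        assignment = dict(zip(names, values))
        p = 1.0
        for name in names:
            node = bn[name]
            p_true = node["cpt"][tuple(assignment[par] for par in node["parents"])]
            p *= p_true if assignment[name] else 1.0 - p_true
        yield assignment, p


def marginal(bn, target, evidence=None):
    """P(target = True | evidence) by exact enumeration: sum the joint over consistent
    assignments and normalise by the probability of the evidence."""
    evidence = evidence or {}
    num = den = 0.0
    for assignment, p in joint_assignments(bn):
        if any(assignment[k] != v for k, v in evidence.items()):
            continue
        den += p
        if assignment[target]:
            num += p
    return num / den


def risk_by_scenario(bn, target, impact, evidence=None):
    """Risk = P(compromise) x impact, one value per physical-domain scenario."""
    p = marginal(bn, target, evidence)
    return {scenario: p * i for scenario, i in impact.items()}


if __name__ == "__main__":
    print("P(ECC)            =", round(marginal(BN, "ECC"), 4))
    print("P(ECC | phished)  =", round(marginal(BN, "ECC", {"Phish": True}), 4))
    print("risk per scenario =", risk_by_scenario(BN, "ECC", IMPACT))
```

Passing evidence (for example that a phishing e-mail is known to have been opened) re-evaluates the same network for an incident in progress; the PV scenario lowers the impact term only, which is the sense in which the abstract says PV integration improves resilience even when the cyber-attack itself succeeds.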
Reversing and auditing of android malicious applications using sandboxing environment
by V. Joseph Raymond, R. Jeberson Retna Raj
Abstract: The Android market has gained a lot of popularity in recent years. The operating system stack is open source, so many security analysts and hackers have a platform on which to perform research on digital forensics and to further enhance their exploitation skills in finding weaknesses and modifying the software for attack. Our goal in this paper is to reverse Android malicious applications and then audit their vulnerabilities. We reverse them using tools such as apktool, dex2jar and jd-gui. Static and dynamic analysis is done with the help of a sandboxing environment, achieving the goal of reverse engineering. We monitor the activities, services, broadcast receivers, shared preferences, intents and content providers. Many vulnerable apps use content providers to store and query data within the phone, and content provider leakage is helpful for auditing purposes. Mobile forensics is about the acquisition of information about the apps installed on the platform. In the paper, we examine the attack surface and analyse the malicious features inside an application by examining its exported features.
Keywords: static analysis; dynamic analysis; app reversing; attack surface; mobile forensics.
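The attack-surface step the abstract mentions (which activities, services, receivers and content providers an application exposes to other apps) can be read straight from the AndroidManifest.xml that apktool decodes. The following Python is an added example and not the paper's tooling; the manifest is constructed for the example. It applies the platform's default rules for the exported flag (an explicit android:exported wins; activities, services and receivers with an intent filter default to exported; a provider defaults to exported only when targetSdkVersion is below 17) and lists the exported components that no permission guards, which are the first candidates for the content-provider leakage the abstract describes.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed manifest as apktool would decode it; not taken from a real application.
MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.sample">
  <uses-sdk android:minSdkVersion="16" android:targetSdkVersion="16"/>
  <application android:label="Sample">
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <service android:name=".SyncService" android:exported="true"
             android:permission="com.example.sample.permission.SYNC"/>
    <receiver android:name=".BootReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
    <provider android:name=".UserProvider" android:authorities="com.example.sample.users"/>
    <provider android:name=".CacheProvider" android:authorities="com.example.sample.cache"
              android:exported="false"/>
  </application>
</manifest>
"""

COMPONENT_TAGS = ("activity", "activity-alias", "service", "receiver", "provider")


def _attr(elem, name, default=None):
    """Read an attribute from the android: namespace."""
    return elem.get(f"{{{ANDROID_NS}}}{name}", default)


def target_sdk(root):
    sdk = root.find("uses-sdk")
    value = _attr(sdk, "targetSdkVersion") if sdk is not None else None
    return int(value) if value is not None else None


def is_exported(component, sdk):
    """Platform default rules for the exported flag; an explicit attribute always wins.
    A missing targetSdkVersion is treated as an old target, so providers count as exported."""
    explicit = _attr(component, "exported")
    if explicit is not None:
        return explicit.lower() == "true"
    if component.tag == "provider":
        return sdk is None or sdk < 17
    return component.find("intent-filter") is not None


def attack_surface(manifest_xml):
    """Every component another app can reach, with the permission guarding it (if any).
    Providers may be guarded by readPermission/writePermission instead of permission."""
    root = ET.fromstring(manifest_xml)
    sdk = target_sdk(root)
    surface = []
    for comp in root.find("application"):
        if comp.tag not in COMPONENT_TAGS or not is_exported(comp, sdk):
            continue
        guard = (_attr(comp, "permission") or _attr(comp, "readPermission")
                 or _attr(comp, "writePermission"))
        surface.append({"kind": comp.tag, "name": _attr(comp, "name"),
                        "authority": _attr(comp, "authorities"), "permission": guard})
    return surface


def unprotected(manifest_xml):
    """Exported components with no permission at all: probe these first."""
    return [c["name"] for c in attack_surface(manifest_xml) if not c["permission"]]


if __name__ == "__main__":
    for comp in attack_surface(MANIFEST):
        print(comp)
    print("unprotected:", unprotected(MANIFEST))
```

The launcher activity is always on this list and is expected; the unguarded boot receiver and, above all, the exported provider with authority com.example.sample.users are the findings. For the provider, the dynamic check in the sandbox is a query from the shell, e.g. `adb shell content query --uri content://com.example.sample.users`, which succeeds from any app if the leakage is real. Raising targetSdkVersion to 17 or later flips the provider default, which the test below also checks.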
Hardware-based cyber threats: attack vectors and defence techniques
by Reza Montasari, Richard Hill, Simon Parkinson, Alireza Daneshkhah, Amin Hosseinian-Far
Abstract: There are certain vulnerabilities associated with computing hardware that attackers can exploit to launch destructive attacks which often go undetected by existing hardware and software countermeasures. Side channel attacks (SCAs) and Rowhammer attacks (RHAs), consequences of hardware vulnerabilities, pose significant security and privacy threats to self-contained computing components and their end-users respectively. Such attacks compromise the security of computational environments, even those with advanced protection mechanisms such as virtualisation, sandboxes or robust encryption. In light of these security threats against modern computing hardware, we present an analytical overview of the modi operandi of SCAs and RHAs in hardware implementations and of the techniques that can be used to extract sensitive data such as secret keys. We then propose various countermeasures to safeguard against these attacks.
Keywords: side channels; microarchitectural attacks; cyber threats; hardware attacks; embedded systems; digital investigations; countermeasures.
The crimes in the field of high technology: concept, problems and methods of counteraction in Kazakhstan
by Kanat S. Lakbayev, Gulnara M. Rysmagambetova, Alizhan U. Umetov, Askar K. Sysoyev
Abstract: The article investigates the concept, problems and methods of counteraction to crimes in the field of high technology. The main attention of the authors is directed at determining the essence of these crimes and the dynamics of their spread in the global and regional aspects. At the same time, the article gives examples from the experience of foreign countries where the relevant methods of counteraction to high-tech crimes have already been developed. Special attention is paid to the study of criminal acts committed using the worldwide internet network, where new types and methods of committing crimes regularly appear and develop. The gaps in the regulatory support of law enforcement agencies involved in the detection and investigation of crimes in the field of high technology were revealed. On the basis of the materials of certain criminal cases, the main problems contributing to their commission were identified.
Keywords: crimes in high technology field; computer crime; phishing sites; RAT-programs; anonymiser programs; 'hidden' internet; Darknet; Kazakhstan.
Internet of things devices: digital forensic process and data reduction
by Reza Montasari, Richard Hill, Farshad Montaseri, Hamid Jahankhani, Amin Hosseinian-Far
Abstract: The rapid increase in the pervasiveness of digital devices, combined with their heterogeneous nature, has culminated in increasing volumes of diverse data, a.k.a. big data that can become subject to criminal or civil investigations. This growth in big digital forensic data (DFD) has forced digital forensic practitioners (DFPs) to consider seizing a wider range of devices and acquiring larger volumes of data that can be pertinent to the case being investigated. This, in turn, has created an immense backlog of cases for law enforcement agencies worldwide. The method of data reduction by targeted imaging, combined with a robust process model, however, can assist with speeding up the processes of data acquisition and data analysis in IoT device forensic investigations. To this end, we propose an IoT forensic investigation process model, IoT-FIPM, that can facilitate not only the reduction of the evidentiary IoT data, but also a timely acquisition and analysis of this data.
Keywords: IoT forensics; digital forensics; data acquisition; big data; process model; digital investigations; computer forensics; formal process.