International Journal of Electronic Security and Digital Forensics (25 papers in press)
Reversible Selective Embedding for DICOM Image Security and Integrity using Visual Cryptography
by Debabala Swain, Bijay Paikaray, Sujata Chakravarty
Abstract: Information Security has been one of the biggest challenges in the era of telemedicine applications. To protect the patients' private records in medical images, several traditional methods are used. One of them is hiding the sensitive part of the image by embedding a different message into it. The data embedding can be done using methods like Reversible Data Hiding (RDH) or reversible watermarking in the Region of Interest (ROI) of the original medical images. For ensuring the authenticity and integrity of the received medical image an innovative data embedding technique is proposed in this paper. The proposed technique chooses selective blocks from the ROI based on the smoothness concerning the Region of Noninterest (RONI) and performs the data embedding. The proposed technique is an application of visual cryptography where the embedded region cannot be detected by an attacker. The experimental result proves the reversibility and the efficiency of the proposed approach.
Keywords: Reversible Embedding; Selective; ROI; RONI; DICOM; Visual Cryptography.
METHODS FOR FORGERY DETECTION IN DIGITAL FORENSICS
by Punam Raskar, Sanjeevani K. Shah
Abstract: The information present in the footage/video clip is one of the solid evidence of the event at the incidents. Therefore, visual media crime-scene investigation has risen as a crucial research field, which fundamentally promotes techniques to deal with forgeries in forensic videos. This paper takes a reader to simplify the understanding of the existing work and provides a profound study of the prevailing literature in the field of digital forgeries. The retrospective analysis helps to reconnoiter the work done to date by categorising the forgery detection techniques in four different domains. The first aspect of the paper is useful for people working on detecting copy-move attacks (CMA). The second domain scrutinises the tamper detection work based on motion estimation techniques. The third facet puts forward the details about forgery detection based on optical flow principle and the fourth section helps researchers to recognize current forensic developments in compressed videos.
Keywords: compression; copy-move attacks; CMA; digital forensics; forgery detection; motion estimation; optical-flow; video forensics.
The upgrade of security of automated process control systems
by Valery A. Konyavsky, Gennady V. Ross, Artem M. Sychev, Viktor N. Kvasnitsky, Tamara B. Zhuravleva
Abstract: The article is devoted to the main problems of protecting the network interaction of critical information infrastructures and the lines of solving the ones. An approach is formulated that allows one to combine the positive aspects of different ways of solving this task without combining their negative aspects: adaptation of CDSS to the features of technical facilities by dividing its hardware base into functional and interface parts. The technical solution based on the formulated approach, its key characteristics and indicators are described. The security of the technical solution provided by the application of the New Harvard Architecture and the resident security component is grounded. The prerequisites of applying the implementations of the described solution in various fields of industry, business, energy, in the transport and social fields are formulated.
Keywords: technological information; microcomputer; hardware data protection; smart energy system; internet of things.
Smart Card Authentication Model Based on Elliptic Curve Cryptography in Iot Networks
by A. Shakeela Joy, R. Ravi
Abstract: In this research, an effective smartcard authentication model is developed in the internet of things (IoT) network based on elliptic curve cryptography (ECC). The proposed smart card authentication method has four phases, such as User registration phase, login phase, mutual authentication phase, and Password update phase. Initially, the user accesses the real-time information from the sensing node by registering at the gateway node. During the login phase, the smart card is used by the user to login into the system with the supplied. In the mutual authentication phase, a session key is established between the accessed sensing node and the user through the gateway node. Finally, at the password update phase, the legitimate user updates the password without involving the gateway node. The proposed ECC-based authentication scheme is analysed using the metrics, such as detection rate, delay, and throughput for varying number of rounds.
Keywords: internet of things; IoT; communication; encryption; public key infrastructure; PKI; environment; session key; gateway node.
Network Forensics Investigation: Behaviour Analysis of Distinct Operating Systems to Detect and Identify the Host in IPv6 Network
by Abdullah Ayub Khan, Syed Asif Ali
Abstract: This paper studies the behaviour analysis of distinct operating systems for the purpose of forensics investigation in the IPv6 network and ensures the detection as well as identification of the network host. The network forensics parameters help to capture, filter, analyse, and information reporting about the computer-based incidents and activities of cybercrime. IPv6 supports tackling the complication of traffic in a network environment, such as dual-stack, tunnel, and translation. This research sheds light on the IPv6 network, assesses the automatic and manual transition in order to characterise network behaviour. This paper proposes a flexible and automated method architecture to analyse operating systems behaviour by observing the system function calls, performing network investigation by using PCAP file analysis can help to detect and identify the host, sessions, and open ports in the virtual environment. Through the experimental result on the network traffic, PCAP files dataset of the University of New Haven, the proposed model can archive identify network host in IPv6 network with high accuracy rate, the result shows the robustness of the NetworkMiner in terms of behaviour analysis with efficacy as compared to other state-of-the-art schemes.
Keywords: digital forensic; network forensics; behaviour analysis of distinct operating systems; IPv6 networks; host identification; PCAP file analysis; NetworkMiner.
Provably Secure Authentication Approach for Data Security in Cloud Using Hashing, Encryption, and Chebyshev-Based Authentication
by Danish Ahamad, Md Mobin Akhtar, Shabi Alam Hameed, Mahmoud Mohammad Mahmoud A.L. Qerom
Abstract: Secure and efficient authentication mechanism becomes a major concern in cloud computing due to the data sharing among cloud servers and users through the internet. This paper proposed an efficient hashing, encryption, and Chebyshev (HEC)-based authentication in order to provide security among data communication. With the formal and informal security analysis, it has been demonstrated that the proposed HEC-based authentication approach provides data security more efficiently in the cloud. The proposed approach amplifies the security issues and ensures the privacy and data security to the cloud user. Moreover, the proposed HEC-based authentication approach makes the system more robust and secured and has been verified with multiple scenarios. However, the proposed authentication approach requires less computational time and memory than the existing authentication techniques. The performance revealed by the proposed HEC-based authentication approach is measured in terms of computation time and memory as 26 ms, and 1,878 bytes for 100 Kb data size, respectively.
Keywords: cloud computing; authentication; data security; access control; data privacy; hashing; encryption; and Chebyshev; HEC.
Improving the Asymmetric Encryption Algorithm Based on Genetic Algorithm, Application in Online Information Transmission
by Le Dinh SON, Tran Van AN, Nguyen Ngoc THUY
Abstract: Within the paper scope, the authors propose to improve two solutions of information security: First, improving the asymmetric key encryption based on genetic algorithm (GA); second, building architecture of stratified information transmission system with intermediate information transmission layer. The method of survey and analysis are applied with scientific publications related to asymmetric encryption and genetic algorithms. Applying genetic algorithm to improve asymmetric encryption algorithm and intermediate information transmission layer used in the building of information transmission system in order to further enhance the security. Empirical evaluation of the effectiveness of the proposed solutions. Application of proposed solutions in actual system in use. Improved asymmetric encryption algorithm based on genetic algorithm; applied the above algorithm in building a stratified information transmission system with intermediate information layer. Main conclusion: The improvement of information security solutions has further reinforced the security and ensured the processing speed as well as prospectively applied in practice.
Keywords: genetic algorithm; information security; asymmetric encryption; information transmission.
Low Complexity Cybersecurity Architecture For the Development of ITS in Smart Cities
by Nawal Alsaffar, Wael M. El-Medany, Hayat Ali
Abstract: The application of intelligent transportation system (ITS) within smart cities is an emerging technology that requires the access to a network, and might be exposed to cyberattacks, which may affect the privacy of users and drivers. One of the most important private information is the vehicle location, which may lead to physical attacks. Therefore, a security technique should be applied to secure the vehicles user data and location. Adding hardware security to the tracking device will increase the hardware complexity to internet of things (IoT) sensor, which has a limited area. This paper proposed a low complexity cybersecurity architecture to protect user privacy and sensitive information. The implemented design has been synthesized and simulated, and results have been discussed and verified for selecting the best techniques of data protection and less design complexity. The hardware implementation can be reconfigured for different cipher keys and different size of cipher text.
Keywords: internet of things; cybersecurity; threats mitigation; industrial internet of things; intelligent transportation system; ITS.
Digital Watermarking of Compressed Videos Using Larger Dimension 2D Error Correcting Codes for Higher Embedding Capacity
by Anjana Rodrigues, Archana Bhise
Abstract: This paper proposes a novel method of digital watermarking of MPEG videos using 2-dimensional error-correcting codes (2D ECC). The motion vectors of the video to be protected are used as the cover. Hence, this method is versatile and can be used to watermark videos of multiple formats such as MPEG-1, MPEG-2, MPEG-4 (AVC/H.264) and even the latest format HEVC/H.265. An error-correcting code of dimension 15X15 is constructed and used to embed the watermark into select motion vectors at the encoder and to retrieve the watermark at the decoder. The use of 2D ECC facilitates embedding of multiple bits of the watermark in various patterns inside the cover, thus improving imperceptibility. The results obtained on sample videos show a high embedding capacity of 8 bits/pixel and 245 bits/codeword, while still maintaining a PSNR greater than 40 dB, as compared to the existing 4 bits/pixel of other methods.
Keywords: 2D error correcting codes; digital watermarking; video watermarking; MPEG videos; copyright protection; motion vectors.
A Self-Embedding Fragile Watermarking using Spatial Domain for Tamper Detection and Recovery in Digital Images
by MONALISA SWAIN, Debabala Swain
Abstract: With the rapid growth of digital communication and multimedia data sharing over internet, the unauthorised access and tampering of the multimedia contents are increasing. In order to maintain the security and integrity of the communicated images, the tamper detection and recover processes are highly essential. Considering the above issues, a new self-embedding fragile watermarking scheme in spatial domain is proposed with enhanced tamper recovering capability. In the proposed process, the cover image is divided into non-overlapping blocks size 2 × 2. The image authentication and recovery can be performed using the six MSB of each pixel in the watermarked image. Due to spatial domain, each block is mapped into another block using a positive integer key value. The proposed technique is experimented against the number of tampered images with different rates of tampering. The test results evidence the novelty and efficiency, through the PSNR and SSIM parameters of the recovered image.
Keywords: self-embedding; fragile watermarking; tamper detection; image recovery; spatial domain; block mapping; least significant bit; LSB.
Volatile Memory Forensics Of Privacy Aware Operating Systems
by Nilay Mistry, Sampada Kanitkar, S.O. Junare
Abstract: Along with the use of the internet, awareness regarding the privacy of the user data is also increasing slowly and gradually but at a comparatively slower rate than that of cybercrime. At present in the market, there are many such operating systems available that are secured and leave the minimum number of traces which makes it difficult to retrieve or obtain any kind of data from that system after carrying out the forensics of that machine. In this research, acquisition, and analysis of random access memory (RAM), of such secured operating systems, is performed and potential artefacts related to the activities are identified, that the operating systems leave in the memory of the system which can be further submitted in the court of law as an evidence in case of a crime being committed using such security providing technology.
Keywords: privacy-aware operating systems; volatile memory forensics; volatile memory analysis; digital forensics; cybercrime; privacy; anonymity.
Network and Hypervisor-Based Attacks in Cloud Computing Environments
by Reza Montasari, Stuart Macdonald, Amin Hosseinian-Far, Fiona Carroll, Alireza Daneshkhah
Abstract: Cloud computing (CC) has become one of the most transformative computing technologies and a key business avenue, following in the footsteps of mainframes, minicomputers, personal computers, the World Wide Web and smartphones. Its vital features have considerably reduced IT costs, contributing to its rapid adoption by businesses and governments worldwide. Despite the many technological and economic benefits that CC offers, at the same time, it poses complex security threats resulting from the use of virtualisation technology. Compromising the security of any component in the cloud virtual infrastructure will negatively affect the security of other elements and so impact the overall system security. Therefore, to create a practical understanding of such threats, this paper provides an analysis of common and underexplored network- and hypervisor-based attacks against CC systems from a technical viewpoint.
Keywords: cyber security; threat intelligence; artificial intelligence; machine learning; cyber physical systems; digital forensics; big data.
Security and Privacy of Adolescents in Social Applications and Networks: Legal Practice of Developing Countries
by Ahmad Ghandour, Viktor Shestak, Konstantin Sokolovskiy
Abstract: The article aims to study the developed countries' experience on the legal regulation of cyberbullying among adolescents, to identify existing shortcomings in the developing countries' laws, and to develop recommendations for improving the regulatory framework. To do this, the authors have studied the state regulatory practice of the UK, USA, Canada, Malaysia, South Africa and Turkey and analysed the statistics of 2018 on the manifestation of cyberbullying among adolescents in these countries. It turns out that in the countries under review there is either no separate. The percentage of cyber aggression cases among adolescents in developing countries is higher than in developed countries. For example, in South Africa, it is 85%, and in Canada 33%. The results of this study can encourage countries to create separate cyberbullying legislation if they do not have it yet and periodically review and modify already existing legislation.
Keywords: adolescent protection; cyberbullying; depression; regulations; social networks; suicide.
Digital forensics in private Seafile cloud storage from both client and server side
by Asgarali Bouyer, Mojtaba Zirak
Abstract: Nowadays, some people and organisations are unwilling to store their information on public clouds due to security and privacy problems. With increased use of established cloud services by cloud software, it is possible for malicious users to use these services for criminal purposes, so digital forensic investigations of these cloud services are necessary. Seafile cloud storage is one of the popular clouds that is free and open source. In this paper, we document a series of digital forensic experiments on Seafile cloud storage service with the aim of providing forensic researchers and practitioners on both the client and server sides of Seafile. Data remnants are checked on client systems in virtual machines which are running Windows 10 Home operating system and on a server with Windows Server 2012 R2 operating system. Different circumstances are created for digital forensic examinations. Correspondingly, Seafile client software and multiple browsers are used for interaction with Seafile cloud server.
Keywords: cloud computing; digital forensics; Seafile; cloud forensics; open source cloud storage.
Security challenges for routing protocols in mobile ad hoc network: a systematic review and open research issues
by Mitha Rachel Jose, J. Amar Pratap Singh
Abstract: Various targeted attacks are focused on MANET exploiting these vulnerabilities and disrupting their operations. Therefore, network optimisation can be accomplished through the maximal use of resources available and deploying proper security measures. In this study, various MANET protocols namely geographical, topology-based, hybrid, hierarchical, power-aware and multicast routing protocols, were investigated based on performance parameters (routing overhead, caching overhead, and packet delivery ratio) along with the security challenges they face. In addition to this, comparative analysis among various routing protocols and their performances were evaluated. Several topological issues namely high power consumption, low bandwidth, and high error rate, were taken into account.
Keywords: mobile ad hoc network; MANET; destination sequenced distance vector; DSDV; optimised link state routing; OLSR; ad hoc on-demand distance vector; AODV; temporally ordered routing algorithm; TORA; wireless routing protocol; WRP; dynamic source routing; DSR; zone-based; cluster-based.
IoT cybersecurity threats mitigation via integrated technical and non-technical solutions
by Hazim S. Al-Sibai, Theyab Alrubaie, Wael M. Elmedany
Abstract: With the growing number of connected devices to the internet every day, and the rapid development and deployment of internet of things (IoT), the number of security threats and vulnerabilities posed to these are also increased. Also, the use of IoT in the industry has become a major requirement for digitalisation transformation and high-priority business demand to increase productivity and profitability. The industrial internet of things (IIoT) is concerned with making industrial environments more connected and thus smarter. However, this transformation comes with a huge number of threats that should be addressed. The primary goal of this research paper is to provide a technical solution as well as a holistic approach (framework) of security concerns. This will be supported by a number of non-technical factors to build a resilient cybersecurity model to effectively and efficiently mitigate cybersecurity threats.
Keywords: internet of things; IoT; cybersecurity; threats mitigation; industrial internet of things; IIoT.
Drone forensics: investigative guide for law enforcement agencies
by Nilay R. Mistry, Hitesh P. Sanghvi
Abstract: Nowadays, sophisticated criminals are using drones in different ways like spying, bombarding, shooting, etc. Law enforcement agencies have to deal with the biggest challenges to cope up and to investigate such incidents from the drones found from the crime scene. Drones used in crimes can provide valuable sources of information by analysing storage media and logs on drones, including flying routes and their take-off source and landing destinations as well as multimedia like images and videos taken by drones, whom have controlled and remotely operated it, the controller ID and metadata. In this research, we are going to discuss how such incidents can be investigated through forensics procedures. In which, the investigator can perform drone acquisition, evidence collection, forensic investigation, and reporting. This will cover the general legal procedure to collect and analyse any drones from the crime scene and investigate inside the lab.
Keywords: drone; unmanned aerial vehicle; UAV; forensic; investigation; tracking; embedded system forensics; remotely piloted aerial systems; RPAS; technology.
Splicing forgery localisation using colour illumination inconsistencies
by P.N.R.L. Chandra Sekhar, T.N. Shankar
Abstract: In the digital imaging era, people used to deliberately distort images or videos for fun or misleading others. Image splicing is one of the methods of manipulation by copying an image from one photograph and pasting it into another. Typically, those two photographs were captured in different environments from various image sources. In this paper, we proposed a simple statistical-based learning-free approach to reveal this type of splicing forgeries using illumination inconsistencies with the assumption that the original images may have uniform illumination. The image is first segmented into irregular objects as superpixels and colour illumination is estimated for each superpixel using greyness index in rg-chromaticity space. For each pair of superpixels, the dissimilarity is then estimated. A superpixel region growing algorithm is proposed to extract automatically all the tampered superpixels to localise the spliced region without human involvement. The results of the experiment show that the proposed method effectively localises splicing forgery than the state of art.
Keywords: image forensics; splicing forgery detection; localisation; colour illumination estimation; region growing.
Methods of ensuring the principle of adversary of the parties during the pre-trial stage of the criminal process
by Serik M. Apenov, Almagul Zh. Tusupova, Natalya V. Gileva, Dina M. Baimakhanova, Mariyash K. Makisheva
Abstract: The article is devoted to the methods of ensuring the principle of adversary of the parties during the pre-trial stage of the criminal process. To offer the most optimal method of ensuring adversary of the parties during the pre-trial stage for legislators of the Republic of Kazakhstan, legislative practice of France, Germany and the USA were studied. While studying the criminal process of these countries the French model of the adversarial nature of criminal proceedings is recognised as not acceptable due to the conduct of preliminary investigation in this country by forensic investigators. In the Republic of Kazakhstan pre-judicial investigations are conducted by special bodies of inquiry and preliminary investigation. As a result of the research, the author gives preference to the US case law, which provides the right for a lawyer to not provide the evidence collected by him to the investigative authorities, in order to demonstrate them at the trial.
Keywords: adversary system; principle of adversary; adversary of the parties; pre-trial stage; criminal process; Republic of Kazakhstan; legislative practice; preliminary investigation; optimal methods.
Threats to the state security of Ukraine in the humanitarian sphere: sociological dimension
by Maya Sitsinska, Anatoliy Sitsinskiy, Nataliia Kravtsova, Svitlana Khadzhyradieva, Yurii Baiun
Abstract: The article is based on theoretical concepts and principles of effective interaction between the state institution and civil society. The research is aimed to outline the ways for solving problems of national security of Ukraine. It is determined that the processes of globalisation, the interstate conflict between Ukraine and Russia, the unstable domestic political situation in Ukraine, the economic crisis reflected on the security and all-round development, satisfaction of the spiritual and material needs of citizens. The theoretical bases of the organisation of public administration of human security in Ukraine determine the basic algorithm for the development of security programs. As a result of the sociological survey of civil servants from different regions of Ukraine, the content and sources of threats and challenges to humanitarian security were established. The results of the investigation allowed determining the main threats to the national security of Ukraine in the humanitarian field.
Keywords: humanitarian policy; national interests; national security; threats to state security; humanitarian sphere.
Constitutional foundations of the security system in a modern state
by Konstantin A. Polovchenko
Abstract: The paper presents an analysis of the reform of the national security system of the Republic of Serbia. The leading method in this study is the system analysis method, which allowed the author to analyse the features of the modern national security architecture of Serbia and the procedure of interaction of its components. Studying the current regulation of security issues in the Republic of Serbia, the author comes to the conclusion that, on the one hand, as a result of the reform in Serbia, a new national security system has been created that meets European standards and is able to adequately respond to modern challenges and threats to international and domestic peace and security. But, on the other hand, currently, the activities of the security agencies of Serbia are under multi-vector civilian control, which, undoubtedly, constitutes one of the most important features of a democratically organised state.
Keywords: national security system; security intelligence agency; law on the basics of organising security services; national security council; army of Serbia.
Digital forensic standards and digital evidence in Polish criminal proceedings. An updated definition of digital evidence in forensic science
by Piotr Lewulis
Abstract: Digital evidence is increasingly popular in criminal proceedings - not only to those commonly referred to as 'cybercrimes'. The credibility criteria of such evidence are in theory governed by a set of basic principles developed within forensic science. According to current theoretical definitions, 'digital evidence' includes any information of probative value stored or transmitted in the form of digital data. It is expected that all digital evidence should be acquired and examined in a forensically sound manner. However, an empirical study based on Polish criminal cases' files analysis shows that certain digital forensic guidelines on digital evidence are often ignored in practice, and information of digital origin is often presented only as printouts. A re-evaluation of current theoretical definition of 'digital evidence' is proposed based on a distinction between digital evidence in 'general' (sensu largo) and 'technical' (sensu stricto) sense.
Keywords: digital forensics; digital evidence; criminal proceedings; evidence evaluation.
Physical security design of a digital forensic lab
by Doug Weeks, Bing Zhou
Abstract: The physical security design of a digital forensic lab is one of the key components to ensure investigators are providing a secure environment to process and store evidence that has been entrusted to them. The existing guidelines that cover this topic generally provide the minimum requirements for securing a digital forensic lab. Following the existing guidelines as written will leave investigators with a lab operation that is inefficient and lacking in adequate layers of protection. In this paper, we demonstrate a system design that goes beyond the existing guidelines and provides the adequate layers of protection, integration and increased efficiency. The importance as well as the benefits of integrating the security system into one system is also discussed. Finally, recommendations for the design of physical security systems in digital forensic labs are provided so that one can use these recommendations to create a more efficient and more secure lab design.
Keywords: digital forensic lab; physical security; access control; evidence management.
LB and LT feature approach to personal identification using finger knuckle image biological trait
by Brajesh Kumar Singh, Ravinder Kumar, R. Rama Kishore
Abstract: Biometric identification is an emerging field for personal authentication and has a large number of applications in the field of time attendance system and forensic domain. A variety of biometric traits are available, but among them, hand-based biometrics are more popular because of their ease of use and better performance. A lot of literature is available on fingerprint identification but it is observed that fingerprints are always not a reliable source of information to be captured from the crime scene to identify suspects. Therefore, it is required to use some other hand-based biological trait such as finger knuckle print (back side of finger joint skin pattern) in order to identify the suspect. This paper proposed a finger knuckle image-based person identification. The performance of the proposed biometric system is compared with the well-established fingerprint-based authentication system. The experiments were performed on the benchmark dataset like PolyU finger knuckle print dataset and FVC2002 fingerprint dataset. The experimental results show that the performance of the proposed algorithm leads over many fingerprint-based identification systems. The proposed algorithm can also be used to design finger knuckle image-based biometric systems instead of fingerprint-based biometric systems.
Keywords: biometric trait; finger knuckle print; fingerprint; biometric system; suspect identification.
A novel hybrid image hiding technique using elliptic curve cryptography and DNA computing technique
by A. Vyasa Bharadwaja, V. Ganesan
Abstract: The proposed novel hybrid image hiding technique uses the security features of ECC for encrypting the secret image before embedding with cover image and also maps the secret image with DNA nucleotide to improve the level of security with high embedding capacity. In the proposed image steganography, the secret image is fed as input to the ECC encryption algorithm and the resultant ciphertext point is mapped with DNA nucleotide, and then converts it into binary digits. Second, the cover image is compressed by using DWT compression techniques. The compressed image is used as a cover image to embed the secret image by using a singular value decomposition algorithm. The resultant stego image will have high PSNR and less MSE. Results show that 36.23% decreased value of MSE value and 5.6% increased value of PSNR for 512 × 512 image size.
Keywords: image steganography; elliptic curve cryptography; ECC; DNA computing technique; peak signal to noise ratio; PSNR; mean square error; MSE; distortionless image; singular value decomposition technique; embedding capacity; correlation analysis.