Information Security and Digital Forensics in the world of Cyber Physical Systems
Andrew Jones, Stilianos Vidalis, Nasser Abouzakhar, ‘Information Security and Digital Forensics in the world of Cyber Physical Systems’, paper presented at the 11th International Conference on Digital Information Management, Porto, Portugal, 19-21 September 2016. The security of Cyber Physical Systems, and any digital forensic investigation into them, will depend heavily on data that is stored and processed in the Cloud. This paper looks at a number of the issues that will need to be addressed if this environment is to be trusted to hold both system-critical and personal information securely and to enable investigations into incidents to be undertaken.
Critical Infrastructure Cybersecurity: A Review of Recent Threats and Violations
Most current industries and their critical infrastructure rely heavily on the Internet for everything. The growth of online services and operations across industries has brought with it a growth in security threats and malicious activity. In the US, the Department of Homeland Security recently reported 200 attacks on core critical infrastructure in the transportation, energy and communication sectors (Erwin et al., 2012). This paper is concerned with the growing dependence of modern society on the Internet, which has become an ideal channel and a major source of malicious activity and security threats. These threats can affect distributed systems within and across all critical infrastructures: industrial networks, online financial systems and services, nuclear power generation and control systems, airline and railway traffic control, satellite communication networks, national healthcare information systems, and so on. The central problem is that existing Internet mechanisms and protocols were not designed to deal with these recently developed threats, so rigorous research is required to develop security approaches and technologies capable of responding to this evolving context. This paper presents security threats and incidents from recent years across different critical infrastructure domains, and introduces some security measures, including vulnerability assessment and penetration testing approaches for critical infrastructure.
A Chi-Square Testing-Based Intrusion Detection Model
The rapid growth of malicious activity on the Internet has become a major concern for the network forensics and security community. With the increasing use of IT for managing information, stronger intrusion detection mechanisms are needed; critical-mission systems and applications require mechanisms able to detect any unauthorised activity. An Intrusion Detection System (IDS) is a necessary element for monitoring packets on computer networks: it analyses suspicious traffic and makes vital decisions, and it allows cybercrime forensic specialists to gather useful evidence whenever needed. This paper presents the design and development of a Network Intrusion Detection System (NIDS) that aims to provide an effective anomaly-based detection model using Chi-square statistics. One design objective is to reduce the limitations of current statistical network forensics and intrusion detection. Throughout the development of this statistical detection model, several aspects of building an effective detection model are emphasised: dataset pre-processing and feature selection, network traffic analysis, statistical testing and detection model development. The statistical figures output by the model are compared against threshold values which a forensic specialist can use and/or adjust when deciding whether or not a suspicious event took place. The modelling and development of the proposed anomaly detection was carried out with various software and development tools. The paper focuses on modelling dynamic anomaly detection with the Chi-square technique, and investigates a network traffic dataset collected by CAIDA in 2008 that contains backscatter, the response traffic that is a sign of denial of service (DoS) attacks with spoofed source addresses. The normal dataset patterns are analysed to build a profile of legitimate network traffic, and any deviation from these normal profiles is treated as anomalous. The dataset was pre-processed using Wireshark and TShark, and the detection model was developed in MATLAB for different variants of denial of service attack, with promising results.
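The profile-and-deviation scheme the abstract describes, shown as an added example (not the paper's MATLAB code): a baseline profile of TCP flag combinations is built from constructed normal traffic, and each observation window is scored with Pearson's chi-square statistic against the counts that profile predicts for a window of that size. The flag counts, the second "backscatter" window, the critical-value table at p = 0.01 and the floor used for categories absent from the baseline are all assumptions made for illustration.

```python
"""Chi-square anomaly scoring of a categorical traffic feature.

Added example, not code from the paper. The baseline profile is built from
a constructed list of TCP flag combinations standing in for normal traffic;
each later observation window is scored with Pearson's chi-square statistic
against the counts the baseline predicts for a window of that size.
"""
from collections import Counter
from typing import Dict, Iterable, Mapping, Tuple

# Upper-tail critical values of the chi-square distribution at p = 0.01,
# indexed by degrees of freedom (standard table values).
CHI2_CRITICAL_P01 = {1: 6.635, 2: 9.210, 3: 11.345, 4: 13.277, 5: 15.086}

# Expected count assigned to a category seen in a window but absent from the
# baseline, so the statistic stays finite (assumed floor, not from the paper).
MIN_EXPECTED = 0.5

# Constructed normal traffic: one flag string per packet (not CAIDA data).
NORMAL_TRAFFIC = (["SYN"] * 300 + ["SYN-ACK"] * 280 + ["ACK"] * 1200
                  + ["RST"] * 40 + ["FIN"] * 180)

# Constructed observation windows. The second mimics backscatter: a burst of
# SYN-ACK and RST replies from a victim of spoofed-source flooding, with no
# matching SYNs originating from the monitored network.
NORMAL_WINDOW = {"SYN": 30, "SYN-ACK": 28, "ACK": 120, "RST": 4, "FIN": 18}
BACKSCATTER_WINDOW = {"SYN": 5, "SYN-ACK": 120, "ACK": 20, "RST": 60, "FIN": 5}


def build_profile(flags: Iterable[str]) -> Counter:
    """Count each flag category in the training traffic."""
    profile = Counter(flags)
    if not profile:
        raise ValueError("training traffic is empty")
    return profile


def chi_square(profile: Mapping[str, int],
               observed: Mapping[str, int]) -> Tuple[float, int]:
    """Return (statistic, degrees of freedom) for one window.

    Expected counts are the baseline proportions scaled to the window size,
    so a window that mirrors the baseline exactly scores 0.
    """
    base_total = sum(profile.values())
    obs_total = sum(observed.values())
    categories = set(profile) | set(observed)
    stat = 0.0
    for cat in categories:
        expected = obs_total * profile.get(cat, 0) / base_total
        if expected == 0:
            expected = MIN_EXPECTED  # category never seen in the baseline
        stat += (observed.get(cat, 0) - expected) ** 2 / expected
    return stat, len(categories) - 1


def is_anomalous(profile: Mapping[str, int], observed: Mapping[str, int],
                 critical: Dict[int, float] = CHI2_CRITICAL_P01) -> bool:
    """Flag the window when its statistic exceeds the p = 0.01 critical value.

    The table is the threshold an analyst tightens or relaxes; extend it if a
    window introduces more categories than the table covers.
    """
    stat, df = chi_square(profile, observed)
    if df not in critical:
        raise ValueError("no critical value tabulated for df=%d" % df)
    return stat > critical[df]


if __name__ == "__main__":
    baseline = build_profile(NORMAL_TRAFFIC)
    for name, window in (("normal", NORMAL_WINDOW),
                         ("backscatter", BACKSCATTER_WINDOW)):
        stat, df = chi_square(baseline, window)
        print("%s: chi2=%.1f df=%d anomalous=%s"
              % (name, stat, df, is_anomalous(baseline, window)))
```

The normal window is proportional to the baseline and scores exactly 0; the backscatter window scores in the thousands against a critical value of 13.277 at four degrees of freedom. Two practical points the statistic hides: a category that never appeared in training would divide by zero without the floor, and windows with very small total counts inflate the statistic, so the window size and the floor are as much part of the tuning as the critical value.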
An Enhanced Eigenfaces-based Biometric Forensic Model
The recent explosive development of the Internet has allowed unwelcome visitors to gain access to private information and critical-mission resources such as financial institutions, hospitals and airports. Internet security has become a hot topic and relies on advanced technology. Now, more than ever, there is a need for stronger identification mechanisms such as biometrics, which are in the process of replacing traditional identification solutions. Critical-mission systems and applications also require mechanisms to detect when legitimate users try to misuse their privileges, and biometrics enables cybercrime forensics specialists to gather evidence whenever needed. This paper introduces a biometric forensic model based on facial identification, building on the Eigenfaces approach to recognition proposed by Turk and Pentland [1]: an unknown input image is compared with a set of images stored in a database to identify the best match. A freely accessible faces database was used to develop the model, which is based on a mathematical approach called Principal Component Analysis (PCA). The paper addresses the extraction of global features from the images, which are stored separately in the database. The features of a test image were compared with the stored features of a set of images; the distance between the two images was calculated, and when that distance was the minimum and below a certain threshold, the two images were considered to be the same and to belong to a particular person. The calculated distance can be used and/or adjusted by a forensic specialist when deciding whether or not a suspicious user is actually the person they claim to be. The performance of the proposed face identification model was evaluated using standard methods, with distance values expressing the similarity between an input image and the stored images. Performance was measured using FAR (False Acceptance Rate), FRR (False Rejection Rate) and EER (Equal Error Rate). For FAR, each user's image was compared with all images in the database except the user's own; for FRR, each user's image was compared with the user's own stored image. The major findings of the experiments showed promising and interesting results in terms of the model's performance and similarity measures.
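The threshold decision and the FAR/FRR/EER protocol the abstract describes, as an added example that is not the paper's code. The vectors are constructed two-dimensional stand-ins for projections into the eigenface space (a real model would obtain them from PCA on the enrolled images); the Euclidean metric, the enrolled and probe points, and the sweep used to locate the EER are all assumptions for illustration.

```python
"""FAR, FRR and EER for a distance-based face identification model.

Added example, not the paper's code. Enrolled templates (gallery) and a
second capture per user (probes) are constructed 2-D points standing in
for eigenface-space projections. Following the abstract's protocol, FRR
compares each user's probe with that user's own template and FAR compares
it with every other user's template.
"""
import math
from typing import Dict, List, Optional, Sequence, Tuple

Vector = Sequence[float]

# Constructed data. User D's probe is a poor capture that lands nearer C.
GALLERY: Dict[str, Vector] = {"A": (0, 0), "B": (10, 0), "C": (0, 10), "D": (10, 10)}
PROBES: Dict[str, Vector] = {"A": (1, 0), "B": (10, 1), "C": (0, 9), "D": (2, 10)}


def euclidean(a: Vector, b: Vector) -> float:
    """Distance in feature space (the eigenface approach uses Euclidean)."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def genuine_and_impostor_distances(gallery: Dict[str, Vector],
                                   probes: Dict[str, Vector]
                                   ) -> Tuple[List[float], List[float]]:
    """Split every probe-vs-template distance into genuine and impostor sets."""
    genuine, impostor = [], []
    for user, probe in probes.items():
        for enrolled, template in gallery.items():
            d = euclidean(probe, template)
            (genuine if enrolled == user else impostor).append(d)
    return genuine, impostor


def far(impostor: List[float], threshold: float) -> float:
    """Share of impostor comparisons wrongly accepted (distance <= threshold)."""
    return sum(d <= threshold for d in impostor) / len(impostor)


def frr(genuine: List[float], threshold: float) -> float:
    """Share of genuine comparisons wrongly rejected (distance > threshold)."""
    return sum(d > threshold for d in genuine) / len(genuine)


def equal_error_rate(genuine: List[float],
                     impostor: List[float]) -> Tuple[float, float]:
    """Return (EER, threshold): sweep each observed distance as a threshold
    and take the one where FAR and FRR are closest."""
    candidates = sorted(set(genuine) | set(impostor))
    best = min(candidates,
               key=lambda t: abs(far(impostor, t) - frr(genuine, t)))
    return (far(impostor, best) + frr(genuine, best)) / 2, best


def identify(probe: Vector, gallery: Dict[str, Vector],
             threshold: float) -> Optional[str]:
    """Best match if its distance is the minimum and below the threshold,
    otherwise None (the decision rule in the abstract)."""
    user, dist = min(((u, euclidean(probe, t)) for u, t in gallery.items()),
                     key=lambda pair: pair[1])
    return user if dist <= threshold else None


if __name__ == "__main__":
    g, i = genuine_and_impostor_distances(GALLERY, PROBES)
    eer, t = equal_error_rate(g, i)
    print("EER=%.3f at threshold %.2f" % (eer, t))
    for name, probe in PROBES.items():
        print("probe %s identified as %s" % (name, identify(probe, GALLERY, t)))
```

On this constructed data the EER threshold is 8.0: it accepts user D's poor capture, but at that threshold the same capture is identified as C, because C's template is the closer match. That is the trade-off the specialist sees when adjusting the threshold: lowering it removes the false acceptance, at the price of rejecting D outright.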
A Fingerprint Matching Model using Unsupervised Learning Approach
The growing number of information systems and networks connected to the Internet has brought a rise in security threats and violations such as unauthorised remote access, and existing network technologies and communication protocols are not well designed to deal with these problems. The recent explosive development of the Internet has allowed unwelcome visitors to gain access to private information and resources such as financial institutions, hospitals and airports. Those resources comprise critical-mission systems and information which rely on particular techniques to achieve effective security. With the increasing use of IT for managing information, there is a need for stronger authentication mechanisms such as biometrics, which is expected to take over from many traditional authentication and identification solutions. Appropriate authentication and identification mechanisms such as biometrics not only ensure that the right users have access to resources with the right privileges, but also enable cybercrime forensics specialists to gather useful evidence whenever needed. Critical-mission resources and applications also require mechanisms to detect when legitimate users try to misuse their privileges, and biometrics helps to provide such services. This paper investigates biometrics as one of the recently developed mechanisms for user authentication and evidence gathering, despite its limitations. A biometric solution model is proposed using statistical unsupervised learning approaches for fingerprint matching. The proposed matching algorithm is based on three similarity measures: the Cosine similarity measure, the Manhattan distance measure and the Chebyshev distance measure. The model uses these similarity measures to compute a fingerprint's matching factor, which is compared against a threshold value that a forensic specialist can use when deciding whether or not a suspicious user is actually the person they claim to be. A freely available fingerprint biometric SDK was used to develop and implement the suggested algorithm. The major findings of the experiments showed promising and interesting results in terms of the performance of all the proposed similarity measures.
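The three measures named in the abstract, applied to fingerprint feature vectors and combined into a thresholded matching factor, as an added example that is neither the paper's code nor the SDK's. The representation (fixed-length non-negative feature vectors, for instance minutiae counts per image region), the mapping of each measure onto [0, 1], the equal-weight average and the 0.7 threshold are all assumptions for illustration.

```python
"""Fingerprint matching factor from cosine, Manhattan and Chebyshev measures.

Added example, not the paper's code. Each fingerprint is assumed to be a
fixed-length non-negative feature vector; the three measures are mapped
onto [0, 1] and averaged into one matching factor (assumed combination
rule), which is compared against an assumed decision threshold.
"""
import math
from typing import Sequence

MATCH_THRESHOLD = 0.7  # assumed decision threshold, not from the paper

# Constructed feature vectors (not real fingerprint data).
ENROLLED = [3, 4, 0, 1]
PROBE_SAME_FINGER = [3, 4, 1, 1]
PROBE_OTHER_FINGER = [0, 1, 4, 4]


def _check(a: Sequence[float], b: Sequence[float]) -> None:
    if not a or len(a) != len(b):
        raise ValueError("feature vectors must be non-empty and of equal length")


def cosine_similarity(a: Sequence[float], b: Sequence[float]) -> float:
    """Cosine of the angle between the vectors; 1 means identical direction.
    An all-zero vector carries no features, so it is scored as no match."""
    _check(a, b)
    dot = sum(x * y for x, y in zip(a, b))
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    return dot / norm if norm else 0.0


def manhattan_distance(a: Sequence[float], b: Sequence[float]) -> float:
    """Sum of absolute component differences (L1)."""
    _check(a, b)
    return sum(abs(x - y) for x, y in zip(a, b))


def chebyshev_distance(a: Sequence[float], b: Sequence[float]) -> float:
    """Largest single component difference (L-infinity)."""
    _check(a, b)
    return max(abs(x - y) for x, y in zip(a, b))


def matching_factor(a: Sequence[float], b: Sequence[float]) -> float:
    """Average of three similarity scores in [0, 1] (assumed combination)."""
    cos = cosine_similarity(a, b)
    # For non-negative vectors the Manhattan distance is at most sum(a)+sum(b)
    span = sum(a) + sum(b)
    man = 1 - manhattan_distance(a, b) / span if span else 1.0
    # and the Chebyshev distance is at most the largest component of either
    peak = max(max(a), max(b))
    cheb = 1 - chebyshev_distance(a, b) / peak if peak else 1.0
    return (cos + man + cheb) / 3


def same_finger(a: Sequence[float], b: Sequence[float],
                threshold: float = MATCH_THRESHOLD) -> bool:
    """Decision a forensic specialist would take at the chosen threshold."""
    return matching_factor(a, b) >= threshold


if __name__ == "__main__":
    for name, probe in (("same finger", PROBE_SAME_FINGER),
                        ("other finger", PROBE_OTHER_FINGER)):
        print("%s: cosine=%.3f manhattan=%.0f chebyshev=%.0f factor=%.3f match=%s"
              % (name, cosine_similarity(ENROLLED, probe),
                 manhattan_distance(ENROLLED, probe),
                 chebyshev_distance(ENROLLED, probe),
                 matching_factor(ENROLLED, probe),
                 same_finger(ENROLLED, probe)))
```

The three measures disagree about what "close" means: cosine ignores overall scale and only looks at direction, Manhattan accumulates every small difference, and Chebyshev is driven by the single worst region. Averaging them is one way to keep a probe from passing on a single lenient measure; the right weights and threshold are what the experiments on real data have to settle.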
Cloud Security: A Review of Recent Threats and Solution Models
The most significant barrier to the wide adoption of cloud services has been attributed to perceived cloud insecurity (Smitha, Anna and Dan, 2012). In reviewing this subject, this paper explores some of the major security threats to the cloud and the security models employed in tackling them. Access control violations, message integrity violations, data leakage, the inability to guarantee complete data deletion, code injection, malware and a lack of expertise in cloud technology rank as the major threats. The European Union invested €3m in City University London to research the certification of cloud security services; this and more recent developments are significant in addressing growing public concern about the confidentiality, integrity and privacy of data held in cloud environments. Among the cloud security models currently adopted against these threats is encryption of all data at rest and in transit. The Cisco IronPort S-Series web security appliance was among the solutions offered for cloud access control issues, while two-factor authentication with RSA SecurID combined with close monitoring appeared to be the most popular answer to authentication and access control issues in the cloud. Database activity monitoring, file activity monitoring, URL filters and data loss prevention were the solutions for detecting and preventing unauthorised data migration into and within clouds. There is as yet no guarantee of complete deletion of data by cloud providers on client request; however, FADE may be a solution (Yang et al., 2012).