A Platform Independent Investigative Process Model for Smartphones

A properly conducted forensic examination is one of the most fundamental aspects of a digital investigation. Examiners are obligated to obtain the skills necessary to use forensic tools and methodologies and rely on sound judgment when analyzing a digital device. Anytime during this process, the quality of the methods, skills, and expertise of the examiner may be challenged, thus, placing the forensic value of the evidence collected during the process in jeopardy. In order to combat the potential challenges posed as a result of the forensic examination process, the digital forensics community must ensure that suitable protocols are used throughout the analysis process. Currently, there is no standard methodology forensic examiners use to analyze a digital device. Examiners have made use of a model derived from the Digital Forensic Research Workshop in 2001 and the application of ad-hoc techniques has become routine. While these approaches may reveal potential data of evidentiary value when applying them to digital devices, their core purpose specifically involves the analysis of computers. It is not clear how effective these methods have been when examining other digital technologies, in particular Small Scale Digital Devices (SSDDs). Due to these mitigating factors, it is critical to develop standard scientifically sound methodologies in the area of digital forensics that allow us to evaluate various digital technologies while considering their distinctive characteristics. This research addresses these issues by introducing the concept of an extendable forensic process model applicable to smartphones regardless of platform. The model has been developed using the property of invariance to construct a core components list which serves as the foundation of the proposed methodology. This dissertation provides a description of the forensic process, the models currently used, the developed model, and experiments to show its usefulness

Secure CAN logging and data analysis

2020 Fall.Includes bibliographical references.Controller Area Network (CAN) communications are an essential element of modern vehicles, particularly heavy trucks. However, CAN protocols are vulnerable from a cybersecurity perspective in that they have no mechanism for authentication or authorization. Attacks on vehicle CAN systems present a risk to driver privacy and possibly driver safety. Therefore, developing new tools and techniques to detect cybersecurity threats within CAN networks is a critical research topic. A key component of this research is compiling a large database of representative CAN data from operational vehicles on the road. This database will be used to develop methods for detecting intrusions or other potential threats. In this paper, an open-source CAN logger was developed that used hardware and software following the industry security standards to securely log and transmit heavy vehicle CAN data. A hardware prototype demonstrated the ability to encrypt data at over 6 Megabits per second (Mbps) and successfully log all data at 100% bus load on a 1 Mbps baud CAN network in a laboratory setting. An AES-128 Cipher Block Chaining (CBC) encryption mode was chosen. A Hardware Security Module (HSM) was used to generate and securely store asymmetric key pairs for cryptographic communication with a third-party cloud database. It also implemented Elliptic-Curve Cryptography (ECC) algorithms to perform key exchange and sign the data for integrity verification. This solution ensures secure data collection and transmission because only encrypted data is ever stored or transmitted, and communication with the third-party cloud server uses shared, asymmetric secret keys as well as Transport Layer Security (TLS)

CCTV Technology Handbook

This CCTV Technology Handbook provides emergency responders, law enforcement security managers, and other security specialists with a reference to aid in planning, designing, and purchasing a CCTV system. This handbook includes a description of the capabilities and limitations of CCTV components used in security applications

Novel active sweat pores based liveness detection techniques for fingerprint biometrics

This thesis was submitted for the degree of Doctor of Philosophy and awarded by Brunel University.Liveness detection in automatic fingerprint identification systems (AFIS) is an issue which still prevents its use in many unsupervised security applications. In the last decade, various hardware and software solutions for the detection of liveness from fingerprints have been proposed by academic research groups. However, the proposed methods have not yet been practically implemented with existing AFIS. A large amount of research is needed before commercial AFIS can be implemented. In this research, novel active pore based liveness detection methods were proposed for AFIS. These novel methods are based on the detection of active pores on fingertip ridges, and the measurement of ionic activity in the sweat fluid that appears at the openings of active pores. The literature is critically reviewed in terms of liveness detection issues. Existing fingerprint technology, and hardware and software solutions proposed for liveness detection are also examined. A comparative study has been completed on the commercially and specifically collected fingerprint databases, and it was concluded that images in these datasets do not contained any visible evidence of liveness. They were used to test various algorithms developed for liveness detection; however, to implement proper liveness detection in fingerprint systems a new database with fine details of fingertips is needed. Therefore a new high resolution Brunel Fingerprint Biometric Database (B-FBDB) was captured and collected for this novel liveness detection research. The first proposed novel liveness detection method is a High Pass Correlation Filtering Algorithm (HCFA). This image processing algorithm has been developed in Matlab and tested on B-FBDB dataset images. The results of the HCFA algorithm have proved the idea behind the research, as they successfully demonstrated the clear possibility of liveness detection by active pore detection from high resolution images. The second novel liveness detection method is based on the experimental evidence. This method explains liveness detection by measuring the ionic activities above the sample of ionic sweat fluid. A Micro Needle Electrode (MNE) based setup was used in this experiment to measure the ionic activities. In results, 5.9 pC to 6.5 pC charges were detected with ten NME positions (50μm to 360 μm) above the surface of ionic sweat fluid. These measurements are also a proof of liveness from active fingertip pores, and this technique can be used in the future to implement liveness detection solutions. The interaction of NME and ionic fluid was modelled in COMSOL multiphysics, and the effect of electric field variations on NME was recorded at 5μm -360μm positions above the ionic fluid.This study is funded by the University of Sindh, Jamshoro, Pakistan and the Higher Education Commission of Pakistan

DRONE DELIVERY OF CBNRECy – DEW WEAPONS Emerging Threats of Mini-Weapons of Mass Destruction and Disruption (WMDD)

Drone Delivery of CBNRECy – DEW Weapons: Emerging Threats of Mini-Weapons of Mass Destruction and Disruption (WMDD) is our sixth textbook in a series covering the world of UASs and UUVs. Our textbook takes on a whole new purview for UAS / CUAS/ UUV (drones) – how they can be used to deploy Weapons of Mass Destruction and Deception against CBRNE and civilian targets of opportunity. We are concerned with the future use of these inexpensive devices and their availability to maleficent actors. Our work suggests that UASs in air and underwater UUVs will be the future of military and civilian terrorist operations. UAS / UUVs can deliver a huge punch for a low investment and minimize human casualties.https://newprairiepress.org/ebooks/1046/thumbnail.jp

Looking towards the future: the changing nature of intrusive surveillance and technical attacks against high-profile targets

In this thesis a novel Bayesian model is developed that is capable of predicting the probability of a range of eavesdropping techniques deployed, given an attacker's capability, opportunity and intent. Whilst limited attention by academia has focused on the cold war activities of Soviet bloc and Western allies' bugging of embassies, even less attention has been paid to the changing nature of the technology used for these eavesdropping events. This thesis makes four contributions: through the analysis of technical eavesdropping events over the last century, technological innovation is shown to have enriched the eavesdropping opportunities for a range of capabilities. The entry barrier for effective eavesdropping is lowered, while for the well resourced eavesdropper, the requirement for close access has been replaced by remote access opportunities. A new way to consider eavesdropping methods is presented through the expert elicitation of capability and opportunity requirements for a range of present-day eavesdropping techniques. Eavesdropping technology is shown to have life-cycle stages with the technology exploited by different capabilities at different times. Three case studies illustrate that yesterday’s secretive government method becomes today’s commodity. The significance of the egress transmission path is considered too. Finally, by using the expert elicitation information derived for capability, opportunity and life-cycle position, for a range of eavesdropping techniques, it is shown that it is possible to predict the probability of particular eavesdropping techniques being deployed. This novel Bayesian inferencing model enables scenarios with incomplete, uncertain or missing detail to be considered. The model is validated against the previously collated historic eavesdropping events. The development of this concept may be scaled with additional eavesdropping techniques to form the basis of a tool for security professionals or risk managers wishing to define eavesdropping threat advice or create eavesdropping policies based on the rigour of this technological study.Open Acces

Development of a prototype sensor-integrated urine bag for real-time measuring.

The urine output is a rapid bedside test for kidney function, and reduced output is the common biomarker for an acute kidney injury (AKI). The consensus definition of the symptom is used urine output <0.5 ml/kg/hour for ≥6 hours to define AKI. If a patient is suspected to have this problem, the urine output monitoring needs to be done hourly, and this task consumes a lot of time, and easily affected by human errors. Moreover, available evidences in literatures indicate that more frequent patient monitoring could impact clinical decision making and patient’s outcome. However, it is not possible for nurses to dedicate their precious time manually up to minute manually measurements. To date, there is no reliable device has been used in the clinical routine. From the literatures, only a few automated devices were found with the ability to automatically monitor urine outputs, and could reduce nurse workload and at the same time enhance work performance, but these still have some limitations to measure human urine. In this thesis presents the development and testing for such a device. The research was aimed at building a prototype that could be measured a small amount of urine output, and transit information via wireless to a Cloud database with inexpensive and less complex components. The concept is to provide a real-time measurement and generates data records in Cloud database without requiring any intervention by the nurse. The initial experiment was done measure small amount of liquid using a dropvolume calculation technique. An optical sensor was placed in a medical dropper to record number of counted-drops, the Mean Absolute Percent Error from the test is reported ±3.96% for measuring 35 ml of liquid compared with the ISO standard. The second prototype was developed with multi-sensors, including photo interrupter sensor, infrared proximity sensor, and ultrasonic sensor, to detect the dripping and urine flow. However, the optical sensor still provided the most accuracy of all. The final prototype is based on the combination of optical sensor for detecting drops to calculated urine flow rate and its volume, and weight scales to measurement the weight of collected urine in a commercial urine meter. The prototype also provides an alert in two scenarios; when the urine production is not met the goals, and when the urine container is almost full, the system will automatically generate alarms that warn the nurse. Series of experimentation tests have been conducted under consultant of medical professional to verify the proper operation and accuracy in the measurement. The results are improved from the previous prototype. The mean error found of this version is 1.975% or ≈ ±1.215 ml. when measure 35ml of urine under the average density value of urine (1.020). These tests confirm the potential application of the device by assisting nurse to monitor urine output with the accuracy in the measurement. The use of the Cloud based technology has not been previously reported in the literature as far as can be ascertained. These results illustrated the capability, suitability and limitation of the chosen technology

Comparison of Radio Frequency Distinct Native Attribute and Matched Filtering Techniques for Device Discrimination and Operation Identification

The research presented here provides a comparison of classification, verification, and computational time for three techniques used to analyze Unintentional Radio- Frequency (RF) Emissions (URE) from semiconductor devices for the purposes of device discrimination and operation identification. URE from ten MSP430F5529 16-bit microcontrollers were analyzed using: 1) RF Distinct Native Attribute (RFDNA) fingerprints paired with Multiple Discriminant Analysis/Maximum Likelihood (MDA/ML) classification, 2) RF-DNA fingerprints paired with Generalized Relevance Learning Vector Quantized-Improved (GRLVQI) classification, and 3) Time Domain (TD) signals paired with matched filtering. These techniques were considered for potential applications to detect counterfeit/Trojan hardware infiltrating supply chains and to defend against cyber attacks by monitoring executed operations of embedded systems in critical Supervisory Control And Data Acquisition (SCADA) networks

On-die transient event sensors and system-level ESD testing

System level electrostatic discharge (ESD) testing of electronic products is a critical part of product certification. Test methods were investigated to develop system level ESD simulation models to predict soft-failures in a system with multiple sensors. These methods rely completely on measurements. The model developed was valid only for the linear operation range of devices within the system. These methods were applied to a commercial product and used to rapidly determine when a soft failure would occur. Attaching cables and probes to determine stress voltages and currents within a system, as in the previous study, is time-consuming and can alter the test results. On-chip sensors have been developed which allow the user to avoid using cables and probes and can detect an event along with the level, polarity, and location of a transient event seen at the I/O pad. The sensors were implemented with minimum area consumption and can be implemented within the spacer cell of an I/O pad. Some of the proposed sensors were implemented in a commercial test microcontroller and have been tested to successfully record the event occurrence, location, level, and polarity on that test microcontroller. System level tests were then performed on a pseudo-wearable device using the on-chip sensors. The measurements were successful in capturing the peak disturbance and counting the number of ESD events without the addition of any external measurement equipment. A modification of the sensors was also designed to measure the peak voltage on a trace or pin inside a complex electronic product. The peak current can also be found when the sensor is placed across a transient voltage suppressor with a known I-V curve. The peak level is transmitted wirelessly to a receiver outside the system using frequency-modulated magnetic or electric fields, thus allowing multiple measurements to be made without opening the enclosure or otherwise modifying the system. Simulations demonstrate the sensors can accurately detect the peak transient voltage and transmit the level to an external receiver --Abstract, page iv