462 research outputs found

    Effect of Advanced Location Methods on Search and Rescue Duration for General Aviation Aircraft Accidents in the Contiguous United States

    The purpose of this study was to determine the impact of advanced search and rescue devices and techniques on search duration for general aviation aircraft crashes. The study assessed three categories of emergency locator transmitters, including 121.5 MHz, 406 MHz, and GPS-Assisted 406 MHz devices. The impact of the COSPAS-SARSAT organization ceasing satellite monitoring for 121.5 MHz ELTs in 2009 was factored into the study. Additionally, the effect of using radar forensic analysis and cellular phone forensic search methods was assessed. The study's data was derived from an Air Force Rescue Coordination Center database and included 365 historical general aviation search and rescue missions conducted between 2006 and 2011. Highly skewed data was transformed to meet normality requirements for parametric testing. The significance of each ELT model was assessed using a combination of Brown-Forsythe Means Testing or Orthogonal Contrast Testing. ANOVA and Brown-Forsythe Means testing was used to evaluate cellular phone and radar forensic search methods. A Spearman's Rho test was used to determine if the use of multiple search methods produced an additive effect in search efficiency. Aircraft which utilized an Emergency Locator Transmitter resulted in a shorter search duration than those which did not use such devices. Aircraft utilizing GPS-Aided 406 MHz ELTs appeared to require less time to locate than if equipped with other ELT models, however, this assessment requires further study due to limited data. Aircraft equipped with 406 MHz ELTs required slightly less time to locate than aircraft equipped with older 121.5 MHz ELTs. The study found no substantial difference in the search durations for 121.5 MHz ELTs monitored by COSPAS-SARSAT versus those which were not. Significance testing revealed that the use of cellular phone forensic data and radar forensic data both resulted in substantially higher mission search durations. Some possible explanations for this finding are that these forensic methods are not employed early in search missions or were delayed until more conventional search means are exhausted. The study also found a positive correlation between the number of search contributors used and mission duration, indicating that multiple search methods do not necessarily yield added efficiency.

    Federated blockchain-based tracking and liability attribution framework for employees and cyber-physical objects in a smart workplace

    The systematic integration of the Internet of Things (IoT) and Cyber-Physical Systems (CPS) into the supply chain to increase operational efficiency and quality has also introduced new complexities to the threat landscape. The myriad of sensors could increase data collection capabilities for businesses to facilitate process automation aided by Artificial Intelligence (AI) but without adopting an appropriate Security-by-Design framework, threat detection and response are destined to fail. The emerging concept of Smart Workplace incorporates many CPS (e.g. Robots and Drones) to execute tasks alongside Employees both of which can be exploited as Insider Threats. We introduce and discuss forensic-readiness, liability attribution and the ability to track moving Smart SPS Objects to support modern Digital Forensics and Incident Response (DFIR) within a defence-in-depth strategy. We present a framework to facilitate the tracking of object behaviour within Smart Controlled Business Environments (SCBE) to support resilience by enabling proactive insider threat detection. Several components of the framework were piloted in a company to discuss a real-life case study and demonstrate anomaly detection and the emerging of behavioural patterns according to objects' movement with relation to their job role, workspace position and nearest entry or exit. The empirical data was collected from a Bluetooth-based Proximity Monitoring Solution. Furthermore, a key strength of the framework is a federated Blockchain (BC) model to achieve forensic-readiness by establishing a digital Chain-of-Custody (CoC) and a collaborative environment for CPS to qualify as Digital Witnesses (DW) to support post-incident investigations

    DNA Molecular Storage System: Transferring Digitally Encoded Information through Bacterial Nanonetworks

    Since the birth of computer and networks, fuelled by pervasive computing and ubiquitous connectivity, the amount of data stored and transmitted has exponentially grown through the years. Due to this demand, new solutions for storing data are needed, and one promising media is the DNA. This storage solution provides numerous advantages, which includes the ability to store dense information while achieving long-term stability. However, the question as how the data can be retrieved from a DNA-based archive, still remains. In this paper, we aim to address this question by proposing a new storage solution that relies upon molecular communication, and in particular bacterial nanonetworks. Our solution allows digitally encoded information to be stored into non-motile bacteria, which compose an archival architecture of clusters, and to be later retrieved by engineered motile bacteria, whenever reading operations are needed. We conducted extensive simulations, in order to determine the reliability of data retrieval from non-motile storage clusters, placed at different locations. Aiming to assess the feasibility of our solution, we have also conducted wet lab experiments that show how bacteria nanonetworks can effectively retrieve a simple message, such as "Hello World", by conjugation with non-motile bacteria, and finally mobilize towards a final point.

    Comment: 22 pages, 13 figures; removed wrong venue references, reordered bibliography accordingly to ACM guideline

    KFREAIN: Design of A Kernel-Level Forensic Layer for Improving Real-Time Evidence Analysis Performance in IoT Networks

    An exponential increase in number of attacks in IoT Networks makes it essential to formulate attack-level mitigation strategies. This paper proposes design of a scalable Kernel-level Forensic layer that assists in improving real-time evidence analysis performance to assist in efficient pattern analysis of the collected data samples. It has an inbuilt Temporal Blockchain Cache (TBC), which is refreshed after analysis of every set of evidences. The model uses a multidomain feature extraction engine that combines lightweight Fourier, Wavelet, Convolutional, Gabor, and Cosine feature sets that are selected by a stochastic Bacterial Foraging Optimizer (BFO) for identification of high variance features. The selected features are processed by an ensemble learning (EL) classifier that uses low complexity classifiers reducing the energy consumption during analysis by 8.3% when compared with application-level forensic models. The model also showcased 3.5% higher accuracy, 4.9% higher precision, and 4.3% higher recall of attack-event identification when compared with standard forensic techniques. Due to kernel-level integration, the model is also able to reduce the delay needed for forensic analysis on different network types by 9.5%, thus making it useful for real-time & heterogeneous network scenarios.

    The Remanence of Medieval Media

    The Remanence of Medieval Media (uncorrected, pre-publication version). For: The Routledge Handbook of Digital Medieval Literature, edited by Jen Boyle and Helen Burgess (2017)

    Wide spectrum attribution: Using deception for attribution intelligence in cyber attacks

    Modern cyber attacks have evolved considerably. The skill level required to conduct a cyber attack is low. Computing power is cheap, targets are diverse and plentiful. Point-and-click crimeware kits are widely circulated in the underground economy, while source code for sophisticated malware such as Stuxnet is available for all to download and repurpose. Despite decades of research into defensive techniques, such as firewalls, intrusion detection systems, anti-virus, code auditing, etc, the quantity of successful cyber attacks continues to increase, as does the number of vulnerabilities identified. Measures to identify perpetrators, known as attribution, have existed for as long as there have been cyber attacks. The most actively researched technical attribution techniques involve the marking and logging of network packets. These techniques are performed by network devices along the packet journey, which most often requires modification of existing router hardware and/or software, or the inclusion of additional devices. These modifications require wide-scale infrastructure changes that are not only complex and costly, but invoke legal, ethical and governance issues. The usefulness of these techniques is also often questioned, as attack actors use multiple stepping stones, often innocent systems that have been compromised, to mask the true source. As such, this thesis identifies that no publicly known previous work has been deployed on a wide-scale basis in the Internet infrastructure. This research investigates the use of an often overlooked tool for attribution: cyber deception. The main contribution of this work is a significant advancement in the field of deception and honeypots as technical attribution techniques. Specifically, the design and implementation of two novel honeypot approaches; i) Deception Inside Credential Engine (DICE), that uses policy and honeytokens to identify adversaries returning from different origins and ii) Adaptive Honeynet Framework (AHFW), an introspection and adaptive honeynet framework that uses actor-dependent triggers to modify the honeynet environment, to engage the adversary, increasing the quantity and diversity of interactions. The two approaches are based on a systematic review of the technical attribution literature that was used to derive a set of requirements for honeypots as technical attribution techniques. Both approaches lead the way for further research in this field.

    A non-device specific framework for the development of forensic locational data analysis procedure for consumer grade small and embedded devices

    Portable and wearable computing devices such as smart watches, navigation units, mobile phones, and tablet computers commonly ship with Global Navigation Satellite System (GNSS) supported locational awareness. Locational functionality is no longer limited to navigation specific devices such as satellite navigation devices and location tracking systems. Instead the use of these technologies has extended to become secondary functionality on many devices, including mobile phones, cameras, portable computers, and video game consoles. The increase in use of location aware technology is of use to forensic investigators as it has the potential to provide historic locational information. The evidentiary value of these devices to forensic investigators is currently limited due to the lack of available forensic tools and published methods to properly acquire and analyse these data sources. This research addresses this issue through the synthesis of common processes for the development of forensic procedure to acquire and interpret historic locational data from embedded, locationally aware devices. The research undertaken provides a framework for the generation of forensic procedure to enable the forensic extraction of historical locational data. The framework is device agnostic, relying instead on differential analysis and structured testing to produce a validated method for the extraction of locational history. This framework was evaluated against five devices, selected on a basis of market penetration, availability and a stage of deduplication. The examination of the framework took place in a laboratory developed specifically for the research. This laboratory replicates all identified sources of location data for the devices selected. In this case the laboratory is able to simulate cellular (2G and 3G), GNSS (NAVSTAR and GLONASS), and Wi-Fi locationing services. 
The laboratory is a closed-sky facility, meaning that the laboratory is contained within a faraday cage and all signals are produced and broadcast internally. Each selected device was run through a series of simulations. These simulations involved the broadcast of signals, replicating the travel of a specific path. Control data was established through the use of appropriate data recording systems, for each of the simulated location signals. On completion of the simulation, each device was forensically acquired and analysed in accordance with the proposed framework. For each experiment carried out against the five devices, the control and experimental data were compared. In this examination any divergence less than those expected for GNSS were ignored. Any divergence greater than this was examined to establish cause. Predictable divergence was accepted and non-predictable divergence would have been noted as a limitation. In all instances where data was recovered, all divergences were found to be predictable. Post analysis, the research found that the proposed framework was successful in producing locational forensic procedure in a non-device specific manner. This success was confirmed for all the devices tested