
    Introductory Computer Forensics

    INTERPOL (International Police) built cybercrime programs to keep up with emerging cyber threats, and aims to coordinate and assist international operations for fighting crimes involving computers. Although significant international efforts are being made in dealing with cybercrime and cyber-terrorism, finding effective, cooperative, and collaborative ways to deal with complicated cases that span multiple jurisdictions has proven difficult in practice.

    The InfoSec Handbook

    Computer science.


    Mobile user authentication system (MUAS) for e-commerce applications.

    The rapid growth of e-commerce has many associated security concerns. Thus, several studies to develop secure online authentication systems have emerged. Most studies begin with the premise that the intermediate network is the primary point of compromise. In this thesis, we assume that the point of compromise lies within the end-host or browser; this security threat is called the man-in-the-browser (MITB) attack. MITB attacks can bypass security measures of public key infrastructures (PKI), as well as the encryption mechanisms of the secure sockets layer and transport layer security (SSL/TLS) protocols. This thesis focuses on developing a system that can circumvent MITB attacks using a two-phase secure user authentication system, with phases that include challenge and response generation. The proposed system represents the first step in conducting an online business transaction. The proposed authentication system design contributes to protecting the confidentiality of the initiating client by requesting minimal and non-confidential information to bypass the MITB attack and transition the authentication mechanism from the infected browser to a mobile-based system via a challenge/response mechanism. The challenge and response generation process depends on validating the submitted information and ensuring the legitimacy of the mobile phone. Both phases within the MUAS context mitigate the denial-of-service (DoS) attack via registration information, which includes the client's mobile number and the International Mobile Equipment Identity (IMEI) of the client's mobile phone. This novel authentication scheme circumvents the MITB attack by utilising the legitimate client's personal mobile phone as a detached platform to generate the challenge response and conduct business transactions. Although the MITB attacker may have taken over the challenge generation phase by failing to satisfy the required security properties, the response generation phase generates a secure response from the registered legitimate mobile phone by employing security attributes from both phases. Thus, the detached challenge and response generation phases are logically linked.

    Secure Communication in Disaster Scenarios

    During natural disasters or terrorist attacks, the existing communication infrastructure is often overloaded or fails completely. In these situations, mobile devices can be connected to each other using wireless ad-hoc and delay-tolerant networking to set up an emergency communication system for civilians and rescue services. If available, a connection to cloud services on the Internet can be a valuable aid in crisis and disaster management. However, such communication systems carry serious security risks, since attackers could attempt to steal confidential data, inject forged notifications from emergency services, or carry out denial-of-service (DoS) attacks. This dissertation proposes new approaches to communication in emergency networks of mobile devices, ranging from communication between mobile devices to cloud services on servers on the Internet. Using these approaches improves the security of device-to-device communication, the security of emergency apps on mobile devices, and the security of server systems for cloud services.

    The Proceedings of 15th Australian Information Security Management Conference, 5-6 December, 2017, Edith Cowan University, Perth, Australia

    Conference Foreword. The annual Security Congress, run by the Security Research Institute at Edith Cowan University, includes the Australian Information Security and Management Conference. Now in its fifteenth year, the conference remains popular for its diverse content and mixture of technical research and discussion papers. The area of information security and management continues to be varied, as is reflected by the wide variety of subject matter covered by the papers this year. The papers cover topics from vulnerabilities in "Internet of Things" protocols through to improvements in biometric identification algorithms and surveillance camera weaknesses. The conference has drawn interest and papers from within Australia and internationally. All submitted papers were subject to a double-blind peer review process. Twenty-two papers were submitted from Australia and overseas, of which eighteen were accepted for final presentation and publication. We wish to thank the reviewers for kindly volunteering their time and expertise in support of this event. We would also like to thank the conference committee, who have organised yet another successful congress. Events such as this are impossible without the tireless efforts of such people in reviewing and editing the conference papers, and assisting with the planning, organisation and execution of the conference. To our sponsors, also a vote of thanks for both the financial and moral support provided to the conference. Finally, thank you to the administrative and technical staff, and students of the ECU Security Research Institute for their contributions to the running of the conference.

    Privacy in location-based services

    During the last years the development of mobile devices has made significant progress with respect to memory capabilities, advanced processing power and higher transfer rates, to name only a few performance parameters. At the same time, eclectic positioning and localization technologies are meanwhile mature enough to be integrated into mobile devices. Not until positioning, localization and telecommunication technologies can be combined seamlessly can the basis for the proliferation of a new generation of context-aware applications and business models be built. In this respect, location and position information foster novel future context-aware applications. But if this information is in the wrong hands, such applications may by the same token pose a severe threat. Therefore, apart from technical means against attacks, forgery and misuse of sensitive user information, the interaction of all these systems must comply with legal requirements that precisely prescribe all aspects of telecommunication systems. In this spirit, the main research objective addressed for the design of new context-aware and location-based systems must be the protection of the user's privacy. This dissertation first discusses various aspects of location-based systems and, out of it, the various needs that have to be addressed to be able to provide flexible location-based services to mobile users while preserving privacy. The main contribution of this work is a mechanism that is based on the notion of pseudonyms. The use of this kind of pseudonym provides maximum security and privacy for users during communication. The second contribution is a telecommunication service architecture that is tightly coupled with the pseudonym mechanism. It allows new business models to be applied by leveraging the use of some services of the telcos' infrastructure. This service architecture further allows the implementation of the so-called pay-as-you-go concept. This allows customers to anonymously consume mobile services that are offered by third-party application providers, similarly to buying physical goods with cash. Finally, we demonstrate the implementation of a service platform that allows us to illustrate the operation of the pseudonym mechanism and the interworking of the system architecture's components that are tailored for the realization of location-based applications.

    A Novel User Oriented Network Forensic Analysis Tool

    In the event of a cybercrime, it is necessary to examine the suspect's digital device(s) in a forensic fashion so that the culprit can be presented in court along with the extracted evidence. But factors such as the existence and availability of anti-forensic tools/techniques and the increasing replacement of hard disk drives with solid state disks have the ability to eradicate critical evidence and/or ruin its integrity. Therefore, having an alternative source of evidence with a lesser chance of being tampered with can be beneficial for the investigation. The organisational network traffic can fit into this role, as it is an independent source of evidence and will contain a copy of all online user activities. Limitations of prevailing network traffic analysis techniques, packet-based and flow-based, are reflected as certain challenges in the investigation. The enormous volume and increasingly encrypted nature of traffic, the dynamic nature of IP addresses of users' devices, and the difficulty in extracting meaningful information from raw traffic are among those challenges. Furthermore, current network forensic tools, unlike the sophisticated computer forensic tools, are limited in their capability to exhibit functionalities such as collaborative working, visualisation, reporting and extracting meaningful user-level information. These factors increase the complexity of the analysis, and the time and effort required from the investigator. The research goal was set to design a system that can assist in the investigation by minimising the effects of the aforementioned challenges, thereby reducing the cognitive load on the investigator, which, the researcher thinks, can take the investigator one step closer to the culprit. The novelty of this system comes from a newly proposed interaction-based analysis approach, which will extract online user activities from raw network metadata. The practicality of the novel interaction-based approach was tested by designing an experimental methodology, which involved an initial phase of the researcher looking to identify unique signatures for activities performed on popular Internet applications (BBC, Dropbox, Facebook, Hotmail, Google Docs, Google Search, Skype, Twitter, Wikipedia, and YouTube) from the researcher's own network metadata. With signatures obtained, the project moved towards the second phase of the experiment, in which a much larger dataset (network traffic collected from 27 users for over 2 months) was analysed. Results showed that it is possible to extract unique signatures of online user activities from raw network metadata. However, due to the complexities of the applications, signatures were not found for some activities. The interaction-based approach was able to reduce the data volume by eliminating the noise (machine-to-machine communication packets) and to find a way around the encryption issue by using only the network metadata. A set of system requirements was generated, based on which a web-based, client-server architecture for the proposed system (i.e. the User-Oriented Network Forensic Analysis Tool) was designed. The system functions on a case management premise while minimising the challenges that were identified earlier. The system architecture led to the development of a functional prototype. An evaluation of the system by academic experts from the field acted as a feedback mechanism. While the evaluators were satisfied with the system's capability to assist in the investigation and meet the requirements, drawbacks such as the inability to analyse real-time traffic and to meet HCI standards were pointed out. The future work of the project will involve automated signature extraction, real-time processing and facilitation of integrated visualisation.

    End-to-End Privacy Protection for Facebook Mobile Chat based on AES with Multi-Layered MD5

    As social media environments become more interactive and the number of users has grown tremendously, privacy is a matter of increasing concern. When personal data becomes a commodity, a social media company can share user data with another party such as a government. Facebook, Inc. is one social media company that is frequently asked for users' data. Although this private data request mechanism goes through a formal and valid legal process, it still undermines the fundamental right to information privacy. In this case, social media users need protection against privacy violation by the social media platform provider itself. Private chat is the most popular feature of social media. Inside a chat room, users can share their private information. Cryptography is one of the data protection methods that can be used to hide private communication data from unauthorized parties. In our study, we propose a system that can encrypt chat content based on AES and multi-layered MD5 to ensure social media users have privacy protection against a social media company that uses user information as a commodity. In addition, this system makes it convenient for users to share their private information through a social media platform.