Locational wireless and social media-based surveillance

The number of smartphones and tablets as well as the volume of traffic generated by these devices has been growing constantly over the past decade and this growth is predicted to continue at an increasing rate over the next five years. Numerous native features built into contemporary smart devices enable highly accurate digital fingerprinting techniques. Furthermore, software developers have been taking advantage of locational capabilities of these devices by building applications and social media services that enable convenient sharing of information tied to geographical locations. Mass online sharing resulted in a large volume of locational and personal data being publicly available for extraction. A number of researchers have used this opportunity to design and build tools for a variety of uses – both respectable and nefarious. Furthermore, due to the peculiarities of the IEEE 802.11 specification, wireless-enabled smart devices disclose a number of attributes, which can be observed via passive monitoring. These attributes coupled with the information that can be extracted using social media APIs present an opportunity for research into locational surveillance, device fingerprinting and device user identification techniques. This paper presents an in-progress research study and details the findings to date

DNA-inspired online behavioral modeling and its application to spambot detection

We propose a strikingly novel, simple, and effective approach to model online user behavior: we extract and analyze digital DNA sequences from user online actions and we use Twitter as a benchmark to test our proposal. We obtain an incisive and compact DNA-inspired characterization of user actions. Then, we apply standard DNA analysis techniques to discriminate between genuine and spambot accounts on Twitter. An experimental campaign supports our proposal, showing its effectiveness and viability. To the best of our knowledge, we are the first ones to identify and adapt DNA-inspired techniques to online user behavioral modeling. While Twitter spambot detection is a specific use case on a specific social media, our proposed methodology is platform and technology agnostic, hence paving the way for diverse behavioral characterization tasks

Perceptual Video Hashing for Content Identification and Authentication

Perceptual hashing has been broadly used in the literature to identify similar contents for video copy detection. It has also been adopted to detect malicious manipulations for video authentication. However, targeting both applications with a single system using the same hash would be highly desirable as this saves the storage space and reduces the computational complexity. This paper proposes a perceptual video hashing system for content identification and authentication. The objective is to design a hash extraction technique that can withstand signal processing operations on one hand and detect malicious attacks on the other hand. The proposed system relies on a new signal calibration technique for extracting the hash using the discrete cosine transform (DCT) and the discrete sine transform (DST). This consists of determining the number of samples, called the normalizing shift, that is required for shifting a digital signal so that the shifted version matches a certain pattern according to DCT/DST coefficients. The rationale for the calibration idea is that the normalizing shift resists signal processing operations while it exhibits sensitivity to local tampering (i.e., replacing a small portion of the signal with a different one). While the same hash serves both applications, two different similarity measures have been proposed for video identification and authentication, respectively. Through intensive experiments with various types of video distortions and manipulations, the proposed system has been shown to outperform related state-of-the art video hashing techniques in terms of identification and authentication with the advantageous ability to locate tampered regions

Grayscale Image Authentication using Neural Hashing

Many different approaches for neural network based hash functions have been proposed. Statistical analysis must correlate security of them. This paper proposes novel neural hashing approach for gray scale image authentication. The suggested system is rapid, robust, useful and secure. Proposed hash function generates hash values using neural network one-way property and non-linear techniques. As a result security and performance analysis are performed and satisfying results are achieved. These features are dominant reasons for preferring against traditional ones.Comment: international journal of Natural and Engineering Sciences (NESciences.com) : Image Authentication, Cryptology, Hash Function, Statistical and Security Analysi

Privacy Preserving Internet Browsers: Forensic Analysis of Browzar

With the advance of technology, Criminal Justice agencies are being confronted with an increased need to investigate crimes perpetuated partially or entirely over the Internet. These types of crime are known as cybercrimes. In order to conceal illegal online activity, criminals often use private browsing features or browsers designed to provide total browsing privacy. The use of private browsing is a common challenge faced in for example child exploitation investigations, which usually originate on the Internet. Although private browsing features are not designed specifically for criminal activity, they have become a valuable tool for criminals looking to conceal their online activity. As such, Technological Crime units often focus their forensic analysis on thoroughly examining the web history on a computer. Private browsing features and browsers often require a more in-depth, post mortem analysis. This often requires the use of multiple tools, as well as different forensic approaches to uncover incriminating evidence. This evidence may be required in a court of law, where analysts are often challenged both on their findings and on the tools and approaches used to recover evidence. However, there are very few research on evaluating of private browsing in terms of privacy preserving as well as forensic acquisition and analysis of privacy preserving internet browsers. Therefore in this chapter, we firstly review the private mode of popular internet browsers. Next, we describe the forensic acquisition and analysis of Browzar, a privacy preserving internet browser and compare it with other popular internet browser

An Empirical Comparison of Widely Adopted Hash Functions in Digital Forensics: Does the Programming Language and Operating System Make a Difference?

Hash functions are widespread in computer sciences and have a wide range of applications such as ensuring integrity in cryptographic protocols, structuring database entries (hash tables) or identifying known files in forensic investigations. Besides their cryptographic requirements, a fundamental property of hash functions is efficient and easy computation which is especially important in digital forensics due to the large amount of data that needs to be processed when working on cases. In this paper, we correlate the runtime efficiency of common hashing algorithms (MD5, SHA-family) and their implementation. Our empirical comparison focuses on C-OpenSSL, Python, Ruby, Java on Windows and Linux and C♯ and WinCrypto API on Windows. The purpose of this paper is to recommend appropriate programming languages and libraries for coding tools that include intensive hashing processes. In each programming language, we compute the MD5, SHA-1, SHA-256 and SHA-512 digest on datasets from 2 MB to 1 GB. For each language, algorithm and data, we perform multiple runs and compute the average elapsed time. In our experiment, we observed that OpenSSL and languages utilizing OpenSSL (Python and Ruby) perform better across all the hashing algorithms and data sizes on Windows and Linux. However, on Windows, performance of Java (Oracle JDK) and C WinCrypto is comparable to OpenSSL and better for SHA-512. Keywords: Digital forensics, hashing, micro benchmarking, security, tool buildin

An Empirical Comparison of Widely Adopted Hash Functions in Digital Forensics: Does the Programming Language and Operating System Make a Difference?

Hash functions are widespread in computer sciences and have a wide range of applications such as ensuring integrity in cryptographic protocols, structuring database entries (hash tables) or identifying known files in forensic investigations. Besides their cryptographic requirements, a fundamental property of hash functions is efficient and easy computation which is especially important in digital forensics due to the large amount of data that needs to be processed when working on cases. In this paper, we correlate the runtime efficiency of common hashing algorithms (MD5, SHA-family) and their implementation. Our empirical comparison focuses on C-OpenSSL, Python, Ruby, Java on Windows and Linux and C and WinCrypto API on Windows. The purpose of this paper is to recommend appropriate programming languages and libraries for coding tools that include intensive hashing processes. In each programming language, we compute the MD5, SHA-1, SHA-256 and SHA-512 digest on datasets from 2MB to 1 GB. For each language, algorithm and data, we perform multiple runs and compute the average elapsed time. In our experiment, we observed that OpenSSL and languages utilizing OpenSSL (Python and Ruby) perform better across all the hashing algorithms and data sizes on Windows and Linux. However, on Windows, performance of Java (Oracle JDK) and C WinCrypto is comparable to OpenSSL and better for SHA-512

A Deep Dive into Technical Encryption Concepts to Better Understand Cybersecurity & Data Privacy Legal & Policy Issues

Lawyers wishing to exercise a meaningful degree of leadership at the intersection of technology and the law could benefit greatly from a deep understanding of the use and application of encryption, considering it arises in so many legal scenarios. For example, in FTC v. Wyndham1 the defendant failed to implement nearly every conceivable cybersecurity control, including lack of encryption for stored data, resulting in multiple data breaches and a consequent FTC enforcement action for unfair and deceptive practices. Other examples of legal issues requiring use of encryption and other technology concepts include compliance with security requirements of GLBA & HIPAA, encryption safe harbors relative to state data breach notification laws and the CCPA, the NYDFS Cybersecurity Regulation, and PCI standards. Further, some policy discussions have taken place in 2020 regarding encrypted DNS over HTTPS, and lawyers would certainly seem to benefit from a better understanding of relevant encryption concepts to assess the privacy effectiveness of emerging encryption technologies, such as encrypted DNS. Finally, the need for technology education for lawyers is evidenced by North Carolina and Florida requiring one or more hours in technology CLE and New York in 2020 moving toward required CLE in the area of cybersecurity specifically. This article observes that there is a continuing desire for strong encryption mechanisms to advance the privacy interests of civilians’ online activities/communications (e.g., messages or web browsing). Law enforcement advocates for a “front door,” requiring tech platforms to maintain a decryption mechanism for online data, which they must produce upon the government providing a warrant. However, privacy advocates may encourage warrant-proof encryption mechanisms where tech platforms remove their ability to ever decrypt. This extreme pro-privacy position could be supported based on viewing privacy interests under a lens such as Blackstone’s ratio. Just as the Blackstone ratio principle favors constitutional protections that allow ten guilty people to go free rather than allowing one innocent person suffer, individual privacy rights could arguably favor fairly unsurveillable encrypted communications at the risk of not detecting various criminal activity. However, given that the internet can support large-scale good or evil activity, law enforcement continues to express a desire for a front door required by legislation and subject to suitable privacy safeguards, striking a balance between strong privacy versus law enforcement’s need to investigate serious crimes. In the last few decades, law enforcement appears to have lost the debate for various reasons, but the debate will likely continue for years to come. For attorneys to exercise meaningful leadership in evaluating the strength of encryption technologies relative to privacy rights, attorneys must generally understand encryption principles, how these principles are applied to data at rest (e.g., local encryption), and how they operate with respect to data in transit. Therefore, this article first explores encryption concepts primarily with regard to data at rest and then with regard to data in transit, exploring some general networking protocols as context for understanding how encryption can applied to data in transit, protecting the data payload of a packet and/or the routing/header information (i.e., the “from” and “to” field) of the packet. Part 1 of this article briefly explores the need for lawyers to understand encryption. Part 2 provides a mostly technical discussion of encryption concepts, with some legal concepts injected therein. Finally, Part 3 provides some high level legal discussion relevant to encryption (including arguments for and against law enforcement’s desire for a front door). To facilitate understanding for a non-technical legal audience, I include a variety of physical world analogies throughout (e.g., postal analogies and the like)