Forensic Data Properties of Digital Signature BDOC and ASiC-E Files on Classic Disk Drives

Käesolevas magistritöös vaadeldakse BDOC ja ASiC-E digitaalselt allkirjastatud dokumendikonteinerite sisu ning kirjeldatakse nende huvipakkuvaid omadusi. Teatava hulga näidiskonteinerite vaatlemise järel pakub autor välja faili päise ja faili jaluse kombinatsiooni (signatuuri), mis oluliselt parandab nimetatud failide kustutatud olekust sihitud taastamist külgnevatest klastritest NTFS vormindatud tihendamata kettal, võttes arvesse klassikalise kõvaketta geomeetriat. Ühtlasi kirjeldab autor kohtuekspertiisi koha pealt tähendust omavaid andmeid ZIP kohaliku faili päises ja keskkataloogi kirjes, XML signatuuris ja ASN.1 kodeeritud kihtides ning nende kättesaamise algoritmi. Nendele järeldustele tuginedes loob autor Phytoni skripte ja viib läbi mitmeid teste failide taastamiseks faili signatuuri järgi ning huvipakkuvate andmete väljavõtmiseks. Teste viiakse läbi teatava valiku failide üle ja tulemusi võrreldakse mitme kohtuekspertiisis laialt kasutatava peavoolu töökeskkonnaga, samuti mõningate andmetaaste tööriistadega. Lõpuks testitakse magistritöö käigus pakutud digitaalselt allkirjastatud dokumentide taastamiseks mõeldud signatuuri ja andmete väljavõtmise algoritmi suurel hulgal avalikust dokumendiregistrist pärit kehtivate dokumentidega, mis saadi kätte spetsiaalselt selleks kirjutatud veebirobotiga. Nimetatud teste viiakse läbi dokumentide üle, mille hulgas on nii digitaalselt allkirjastatud dokumente kui ka teisi, nendega struktuurilt sarnaseid dokumente.This thesis reviews the contents and observes certain properties of digitally signed documents of BDOC and ASiC-E container formats. After reviewing a set of sample containers, the author comes up with a header and footer combination (signature) significantly improving pinpointed carving-based recovery of those files from a deleted state on NTFS formatted uncompressed volumes in contiguous clusters, taking into account the geometry of classic disk drives. The author also describes forensically meaningful attributive data found in ZIP Headers and Central Directory, XML signatures as well as embedded ASN.1 encoded data of the sample files and suggests an algorithm for the extraction of such data. Based on these findings, the author creates scripts in Python and executes a series of tests for file carving and extraction of attributive data. These tests are run over the samples placed into unallocated clusters and the results are compared to several mainstream commercial forensic examination suites as well as some popular data recovery tools. Finally, the author web-scrapes a large number of real-life documents from a government agency’s public document registry. The carving signature and the data-extractive algorithm are thereafter applied on a larger scale and in an environment competitively supplemented with structurally similar containers

A Concise Binary Object Representation (CBOR)-based Serialization Format for the Software Updates for Internet of Things (SUIT) Manifest

CBOR-based Serialization Format for the SUIT Manifes

DebAuthn: a Relying Party Implementation as a WebAuthn Authenticator Debugging Tool

[Abstract] Passwords as an authentication method have become vulnerable to numerous attacks. During the last few years, the FIDO Alliance and the W3C have been working on a new authentication method based on public key cryptography and hardware authenticators, which avoids attacks like phishing or password stealing. This degree thesis focuses on the development of a web application as a flexible testing and debugging environment for developers and researchers of the protocol, still under development. Moreover, the developed tool is used for testing the most relevant hardware authenticators, showcasing their main characteristics.[Resumo] Os contrasinais como método de autentificación volvéronse vulnerables a numerosos ataques. Durante os últimos anos, a FIDO Alliance e a W3C estiveron traballando nun novo sistema de autentificación baseado en criptografía de chave pública e autentificadores hardware, o que evita ataques como phishing ou roubo de contrasinais. Este traballo de fin de grao céntrase no desenvolvemento dunha aplicación web como un entorno flexible de probas e depuración para desenvolvedores e investigadores do protocolo, aínda en desenvolvemento. Ademais, a ferramenta desenvolvida é usada para probar os autentificadores hardware máis relevantes, mostrando as súas características principais

Digital evidence bags

This thesis analyses the traditional approach and methodology used to conduct digital forensic information capture, analysis and investigation. The predominant toolsets and utilities that are used and the features that they provide are reviewed. This is used to highlight the difficulties that are encountered due to both technological advances and the methodologies employed. It is suggested that these difficulties are compounded by the archaic methods and proprietary formats that are used. An alternative framework for the capture and storage of information used in digital forensics is defined named the `Digital Evidence Bag' (DEB). A DEB is a universal extensible container for the storage of digital information acquired from any digital source. The format of which can be manipulated to meet the requirements of the particular information that is to be stored. The format definition is extensible thereby allowing it to encompass new sources of data, cryptographic and compression algorithms and protocols as developed, whilst also providing the flexibility for some degree of backwards compatibility as the format develops. The DEB framework utilises terminology to define its various components that are analogous with evidence bags, tags and seals used for traditional physical evidence storage and continuity. This is crucial for ensuring that the functionality provided by each component is comprehensible by the general public, judiciary and law enforcement personnel without detracting or obscuring the evidential information contained within. Furthermore, information can be acquired from a dynamic or more traditional static environment and from a disparate range of digital devices. The flexibility of the DEB framework permits selective and/or intelligent acquisition methods to be employed together with enhanced provenance and continuity audit trails to be recorded. Evidential integrity is assured using accepted cryptographic techniques and algorithms. The DEB framework is implemented in a number of tool demonstrators and applied to a number of typical scenarios that illustrate the flexibility of the DEB framework and format. The DEB framework has also formed the basis of a patent application

Policy enforcement in cloud computing

Cloud Computing is an emerging technology, providing attractive way of hosting and delivering services over the Internet. Many organizations and individuals are utilizing Cloud services to share information and collaborate with partners. However, Cloud provides abstraction over the underlying physical infrastructure to the customers, that raises information security concerns, while storing data in a virtualized environment without having physical access to it. Additionally, certain standards have been issued to provide interoperability between users and various distributed systems(including Cloud infrastructures), in a standardized way. However, implementation and interoperability issues still exist and introduce new challenges. This thesis explores the feasibility of securing data in a cloud context, using existing standards and specifications, while retaining the benefits of the Cloud. The thesis provides a view on increasing security concerns of moving to the cloud and sharing data over it. First, we define security and privacy requirements for the data stored in the Cloud. Based on these requirements, we propose the requirements for an access control system in the Cloud. Furthermore, we evaluate the existing work in the area of currently available access control systems and mechanisms for secure data sharing over the Cloud, mostly focusing on policy enforcement and access control characteristics. Moreover, we determine existing mechanisms and standards to implement secure data sharing and collaborative systems over the Cloud. We propose an architecture supporting secure data sharing over the untrusted Cloud environment, based on our findings. The architecture ensures policy based access control inside and outside Cloud, while allowing the benefits of Cloud Computing to be utilized. We discuss the components involved in the architecture and their design considerations. To validate the proposed architecture, we construct the proof of concept prototype. We present a novel approach for implementing policy based access control, by achieving interoperability between existing standards and addressing certain issues, while constructing the system prototype. Furthermore, we deploy our solution in the Cloud and perform the performance tests to evaluate the performance of the system. Finally, we perform a case study by utilizing our system in a real-life scenario. To do this we slightly tailor our solution to meet specific needs. Overall, this thesis provides a solid foundation for the policy enforcement and access control mechanisms in the Cloud-based systems and motivates further work within this field. Cloud Computing is an emerging technology, providing attractive way of hosting and delivering services over the Internet. Many organizations and individuals are utilizing Cloud services to share information and collaborate with partners. However, Cloud provides abstraction over the underlying physical infrastructure to the customers, that raises information security concerns, while storing data in a virtualized environment without having physical access to it. Additionally, certain standards have been issued to provide interoperability between users and various distributed systems(including Cloud infrastructures), in a standardized way. However, implementation and interoperability issues still exist and introduce new challenges. This thesis explores the feasibility of securing data in a cloud context, using existing standards and specifications, while retaining the benefits of the Cloud. The thesis provides a view on increasing security concerns of moving to the cloud and sharing data over it. First, we define security and privacy requirements for the data stored in the Cloud. Based on these requirements, we propose the requirements for an access control system in the Cloud. Furthermore, we evaluate the existing work in the area of currently available access control systems and mechanisms for secure data sharing over the Cloud, mostly focusing on policy enforcement and access control characteristics. Moreover, we determine existing mechanisms and standards to implement secure data sharing and collaborative systems over the Cloud. We propose an architecture supporting secure data sharing over the untrusted Cloud environment, based on our findings. The architecture ensures policy based access control inside and outside Cloud, while allowing the benefits of Cloud Computing to be utilized. We discuss the components involved in the architecture and their design considerations. To validate the proposed architecture, we construct the proof of concept prototype. We present a novel approach for implementing policy based access control, by achieving interoperability between existing standards and addressing certain issues, while constructing the system prototype. Furthermore, we deploy our solution in the Cloud and perform the performance tests to evaluate the performance of the system. Finally, we perform a case study by utilizing our system in a real-life scenario. To do this we slightly tailor our solution to meet specific needs. Overall, this thesis provides a solid foundation for the policy enforcement and access control mechanisms in the Cloud-based systems and motivates further work within this field

Novel architectures and strategies for security offloading

Internet has become an indispensable and powerful tool in our modern society. Its ubiquitousness, pervasiveness and applicability have fostered paradigm changes around many aspects of our lives. This phenomena has positioned the network and its services as fundamental assets over which we rely and trust. However, Internet is far from being perfect. It has considerable security issues and vulnerabilities that jeopardize its main core functionalities with negative impact over its players. Furthermore, these vulnerabilities¿ complexities have been amplified along with the evolution of Internet user mobility. In general, Internet security includes both security for the correct network operation and security for the network users and endpoint devices. The former involves the challenges around the Internet core control and management vulnerabilities, while the latter encompasses security vulnerabilities over end users and endpoint devices. Similarly, Internet mobility poses major security challenges ranging from routing complications, connectivity disruptions and lack of global authentication and authorization. The purpose of this thesis is to present the design of novel architectures and strategies for improving Internet security in a non-disruptive manner. Our novel security proposals follow a protection offloading approach. The motives behind this paradigm target the further enhancement of the security protection while minimizing the intrusiveness and disturbance over the Internet routing protocols, its players and users. To accomplish such level of transparency, the envisioned solutions leverage on well-known technologies, namely, Software Defined Networks, Network Function Virtualization and Fog Computing. From the Internet core building blocks, we focus on the vulnerabilities of two key routing protocols that play a fundamental role in the present and the future of the Internet, i.e., the Border Gateway Protocol (BGP) and the Locator-Identifier Split Protocol (LISP). To this purpose, we first investigate current BGP vulnerabilities and countermeasures with emphasis in an unresolved security issue defined as Route Leaks. Therein, we discuss the reasons why different BGP security proposals have failed to be adopted, and the necessity to propose innovative solutions that minimize the impact over the already deployed routing solution. To this end, we propose pragmatic security methodologies to offload the protection with the following advantages: no changes to the BGP protocol, neither dependency on third party information nor on third party security infrastructure, and self-beneficial. Similarly, we research the current LISP vulnerabilities with emphasis on its control plane and mobility support. We leverage its by-design separation of control and data planes to propose an enhanced location-identifier registration process of end point identifiers. This proposal improves the mobility of end users with regards on securing a dynamic traffic steering over the Internet. On the other hand, from the end user and devices perspective we research new paradigms and architectures with the aim of enhancing their protection in a more controllable and consolidated manner. To this end, we propose a new paradigm which shifts the device-centric protection paradigm toward a user-centric protection. Our proposal focus on the decoupling or extending of the security protection from the end devices toward the network edge. It seeks the homogenization of the enforced protection per user independently of the device utilized. We further investigate this paradigm in a mobility user scenario. Similarly, we extend this proposed paradigm to the IoT realm and its intrinsic security challenges. Therein, we propose an alternative to protect both the things, and the services that leverage from them by consolidating the security at the network edge. We validate our proposal by providing experimental results from prof-of-concepts implementations.Internet se ha convertido en una poderosa e indispensable herramienta para nuestra sociedad moderna. Su omnipresencia y aplicabilidad han promovido grandes cambios en diferentes aspectos de nuestras vidas. Este fenómeno ha posicionado a la red y sus servicios como activos fundamentales sobre los que contamos y confiamos. Sin embargo, Internet está lejos de ser perfecto. Tiene considerables problemas de seguridad y vulnerabilidades que ponen en peligro sus principales funcionalidades. Además, las complejidades de estas vulnerabilidades se han ampliado junto con la evolución de la movilidad de usuarios de Internet y su limitado soporte. La seguridad de Internet incluye tanto la seguridad para el correcto funcionamiento de la red como la seguridad para los usuarios y sus dispositivos. El primero implica los desafíos relacionados con las vulnerabilidades de control y gestión de la infraestructura central de Internet, mientras que el segundo abarca las vulnerabilidades de seguridad sobre los usuarios finales y sus dispositivos. Del mismo modo, la movilidad en Internet plantea importantes desafíos de seguridad que van desde las complicaciones de enrutamiento, interrupciones de la conectividad y falta de autenticación y autorización globales. El propósito de esta tesis es presentar el diseño de nuevas arquitecturas y estrategias para mejorar la seguridad de Internet de una manera no perturbadora. Nuestras propuestas de seguridad siguen un enfoque de desacople de la protección. Los motivos detrás de este paradigma apuntan a la mejora adicional de la seguridad mientras que minimizan la intrusividad y la perturbación sobre los protocolos de enrutamiento de Internet, sus actores y usuarios. Para lograr este nivel de transparencia, las soluciones previstas aprovechan nuevas tecnologías, como redes definidas por software (SDN), virtualización de funciones de red (VNF) y computación en niebla. Desde la perspectiva central de Internet, nos centramos en las vulnerabilidades de dos protocolos de enrutamiento clave que desempeñan un papel fundamental en el presente y el futuro de Internet, el Protocolo de Puerta de Enlace Fronterizo (BGP) y el Protocolo de Separación Identificador/Localizador (LISP ). Para ello, primero investigamos las vulnerabilidades y medidas para contrarrestar un problema no resuelto en BGP definido como Route Leaks. Proponemos metodologías pragmáticas de seguridad para desacoplar la protección con las siguientes ventajas: no cambios en el protocolo BGP, cero dependencia en la información de terceros, ni de infraestructura de seguridad de terceros, y de beneficio propio. Del mismo modo, investigamos las vulnerabilidades actuales sobre LISP con énfasis en su plano de control y soporte de movilidad. Aprovechamos la separacçón de sus planos de control y de datos para proponer un proceso mejorado de registro de identificadores de ubicación y punto final, validando de forma segura sus respectivas autorizaciones. Esta propuesta mejora la movilidad de los usuarios finales con respecto a segurar un enrutamiento dinámico del tráfico a través de Internet. En paralelo, desde el punto de vista de usuarios finales y dispositivos investigamos nuevos paradigmas y arquitecturas con el objetivo de mejorar su protección de forma controlable y consolidada. Con este fin, proponemos un nuevo paradigma hacia una protección centrada en el usuario. Nuestra propuesta se centra en el desacoplamiento o ampliación de la protección de seguridad de los dispositivos finales hacia el borde de la red. La misma busca la homogeneización de la protección del usuario independientemente del dispositivo utilizado. Además, investigamos este paradigma en un escenario con movilidad. Validamos nuestra propuesta proporcionando resultados experimentales obtenidos de diferentes experimentos y pruebas de concepto implementados

Novel architectures and strategies for security offloading

Internet has become an indispensable and powerful tool in our modern society. Its ubiquitousness, pervasiveness and applicability have fostered paradigm changes around many aspects of our lives. This phenomena has positioned the network and its services as fundamental assets over which we rely and trust. However, Internet is far from being perfect. It has considerable security issues and vulnerabilities that jeopardize its main core functionalities with negative impact over its players. Furthermore, these vulnerabilities¿ complexities have been amplified along with the evolution of Internet user mobility. In general, Internet security includes both security for the correct network operation and security for the network users and endpoint devices. The former involves the challenges around the Internet core control and management vulnerabilities, while the latter encompasses security vulnerabilities over end users and endpoint devices. Similarly, Internet mobility poses major security challenges ranging from routing complications, connectivity disruptions and lack of global authentication and authorization. The purpose of this thesis is to present the design of novel architectures and strategies for improving Internet security in a non-disruptive manner. Our novel security proposals follow a protection offloading approach. The motives behind this paradigm target the further enhancement of the security protection while minimizing the intrusiveness and disturbance over the Internet routing protocols, its players and users. To accomplish such level of transparency, the envisioned solutions leverage on well-known technologies, namely, Software Defined Networks, Network Function Virtualization and Fog Computing. From the Internet core building blocks, we focus on the vulnerabilities of two key routing protocols that play a fundamental role in the present and the future of the Internet, i.e., the Border Gateway Protocol (BGP) and the Locator-Identifier Split Protocol (LISP). To this purpose, we first investigate current BGP vulnerabilities and countermeasures with emphasis in an unresolved security issue defined as Route Leaks. Therein, we discuss the reasons why different BGP security proposals have failed to be adopted, and the necessity to propose innovative solutions that minimize the impact over the already deployed routing solution. To this end, we propose pragmatic security methodologies to offload the protection with the following advantages: no changes to the BGP protocol, neither dependency on third party information nor on third party security infrastructure, and self-beneficial. Similarly, we research the current LISP vulnerabilities with emphasis on its control plane and mobility support. We leverage its by-design separation of control and data planes to propose an enhanced location-identifier registration process of end point identifiers. This proposal improves the mobility of end users with regards on securing a dynamic traffic steering over the Internet. On the other hand, from the end user and devices perspective we research new paradigms and architectures with the aim of enhancing their protection in a more controllable and consolidated manner. To this end, we propose a new paradigm which shifts the device-centric protection paradigm toward a user-centric protection. Our proposal focus on the decoupling or extending of the security protection from the end devices toward the network edge. It seeks the homogenization of the enforced protection per user independently of the device utilized. We further investigate this paradigm in a mobility user scenario. Similarly, we extend this proposed paradigm to the IoT realm and its intrinsic security challenges. Therein, we propose an alternative to protect both the things, and the services that leverage from them by consolidating the security at the network edge. We validate our proposal by providing experimental results from prof-of-concepts implementations.Internet se ha convertido en una poderosa e indispensable herramienta para nuestra sociedad moderna. Su omnipresencia y aplicabilidad han promovido grandes cambios en diferentes aspectos de nuestras vidas. Este fenómeno ha posicionado a la red y sus servicios como activos fundamentales sobre los que contamos y confiamos. Sin embargo, Internet está lejos de ser perfecto. Tiene considerables problemas de seguridad y vulnerabilidades que ponen en peligro sus principales funcionalidades. Además, las complejidades de estas vulnerabilidades se han ampliado junto con la evolución de la movilidad de usuarios de Internet y su limitado soporte. La seguridad de Internet incluye tanto la seguridad para el correcto funcionamiento de la red como la seguridad para los usuarios y sus dispositivos. El primero implica los desafíos relacionados con las vulnerabilidades de control y gestión de la infraestructura central de Internet, mientras que el segundo abarca las vulnerabilidades de seguridad sobre los usuarios finales y sus dispositivos. Del mismo modo, la movilidad en Internet plantea importantes desafíos de seguridad que van desde las complicaciones de enrutamiento, interrupciones de la conectividad y falta de autenticación y autorización globales. El propósito de esta tesis es presentar el diseño de nuevas arquitecturas y estrategias para mejorar la seguridad de Internet de una manera no perturbadora. Nuestras propuestas de seguridad siguen un enfoque de desacople de la protección. Los motivos detrás de este paradigma apuntan a la mejora adicional de la seguridad mientras que minimizan la intrusividad y la perturbación sobre los protocolos de enrutamiento de Internet, sus actores y usuarios. Para lograr este nivel de transparencia, las soluciones previstas aprovechan nuevas tecnologías, como redes definidas por software (SDN), virtualización de funciones de red (VNF) y computación en niebla. Desde la perspectiva central de Internet, nos centramos en las vulnerabilidades de dos protocolos de enrutamiento clave que desempeñan un papel fundamental en el presente y el futuro de Internet, el Protocolo de Puerta de Enlace Fronterizo (BGP) y el Protocolo de Separación Identificador/Localizador (LISP ). Para ello, primero investigamos las vulnerabilidades y medidas para contrarrestar un problema no resuelto en BGP definido como Route Leaks. Proponemos metodologías pragmáticas de seguridad para desacoplar la protección con las siguientes ventajas: no cambios en el protocolo BGP, cero dependencia en la información de terceros, ni de infraestructura de seguridad de terceros, y de beneficio propio. Del mismo modo, investigamos las vulnerabilidades actuales sobre LISP con énfasis en su plano de control y soporte de movilidad. Aprovechamos la separacçón de sus planos de control y de datos para proponer un proceso mejorado de registro de identificadores de ubicación y punto final, validando de forma segura sus respectivas autorizaciones. Esta propuesta mejora la movilidad de los usuarios finales con respecto a segurar un enrutamiento dinámico del tráfico a través de Internet. En paralelo, desde el punto de vista de usuarios finales y dispositivos investigamos nuevos paradigmas y arquitecturas con el objetivo de mejorar su protección de forma controlable y consolidada. Con este fin, proponemos un nuevo paradigma hacia una protección centrada en el usuario. Nuestra propuesta se centra en el desacoplamiento o ampliación de la protección de seguridad de los dispositivos finales hacia el borde de la red. La misma busca la homogeneización de la protección del usuario independientemente del dispositivo utilizado. Además, investigamos este paradigma en un escenario con movilidad. Validamos nuestra propuesta proporcionando resultados experimentales obtenidos de diferentes experimentos y pruebas de concepto implementados.Postprint (published version

Is DNS Ready for Ubiquitous Internet of Things?

The vision of the Internet of Things (IoT) covers not only the well-regulated processes of specific applications in different areas but also includes ubiquitous connectivity of more generic objects (or things and devices) in the physical world and the related information in the virtual world. For example, a typical IoT application, such as a smart city, includes smarter urban transport networks, upgraded water supply, and waste-disposal facilities, along with more efficient ways to light and heat buildings. For smart city applications and others, we require unique naming of every object and a secure, scalable, and efficient name resolution which can provide access to any object\u27s inherent attributes with its name. Based on different motivations, many naming principles and name resolution schemes have been proposed. Some of them are based on the well-known domain name system (DNS), which is the most important infrastructure in the current Internet, while others are based on novel designing principles to evolve the Internet. Although the DNS is evolving in its functionality and performance, it was not originally designed for the IoT applications. Then, a fundamental question that arises is: can current DNS adequately provide the name service support for IoT in the future? To address this question, we analyze the strengths and challenges of DNS when it is used to support ubiquitous IoT. First, we analyze the requirements of the IoT name service by using five characteristics, namely security, mobility, infrastructure independence, localization, and efficiency, which we collectively refer to as SMILE. Then, we discuss the pros and cons of the DNS in satisfying SMILE in the context of the future evolution of the IoT environment

Securing Handover in Wireless IP Networks

In wireless and mobile networks, handover is a complex process that involves multiple layers of protocol and security executions. With the growing popularity of real time communication services such as Voice of IP, a great challenge faced by handover nowadays comes from the impact of security implementations that can cause performance degradation especially for mobile devices with limited resources. Given the existing networks with heterogeneous wireless access technologies, one essential research question that needs be addressed is how to achieve a balance between security and performance during the handover. The variations of security policy and agreement among different services and network vendors make the topic challenging even more, due to the involvement of commercial and social factors. In order to understand the problems and challenges in this field, we study the properties of handover as well as state of the art security schemes to assist handover in wireless IP networks. Based on our analysis, we define a two-phase model to identify the key procedures of handover security in wireless and mobile networks. Through the model we analyze the performance impact from existing security schemes in terms of handover completion time, throughput, and Quality of Services (QoS). As our endeavor of seeking a balance between handover security and performance, we propose the local administrative domain as a security enhanced localized domain to promote the handover performance. To evaluate the performance improvement in local administrative domain, we implement the security protocols adopted by our proposal in the ns-2 simulation environment and analyze the measurement results based on our simulation test