Protecting Digital Evidence Integrity and Preserving Chain of Custody

Evidence is the key to solve any crime. Evidence integrity needs to be protected in order to make it admissible in the court of law. Digital evidence is more revealing, but it is fragile; it can easily be tampered with or modified. There are different techniques available to protect the integrity of digital evidence. Different automated digital evidence acquisition tools are available in the market. In this paper, we have analyzed two automated tools (EnCase and FTK Imager) that are used for disk imaging. These tools claim to protect the integrity of digital evidence. The techniques used by these tools are analyzed in this paper. Problems with their approaches are discussed and a solution is proposed to address the problems. A prototype of an automated tool is developed with an implementation of the proposed solution

State of Alaska Election Security Project Phase 2 Report

A laska’s election system is among the most secure in the country, and it has a number of safeguards other states are now adopting. But the technology Alaska uses to record and count votes could be improved— and the state’s huge size, limited road system, and scattered communities also create special challenges for insuring the integrity of the vote. In this second phase of an ongoing study of Alaska’s election security, we recommend ways of strengthening the system—not only the technology but also the election procedures. The lieutenant governor and the Division of Elections asked the University of Alaska Anchorage to do this evaluation, which began in September 2007.Lieutenant Governor Sean Parnell. State of Alaska Division of Elections.List of Appendices / Glossary / Study Team / Acknowledgments / Introduction / Summary of Recommendations / Part 1 Defense in Depth / Part 2 Fortification of Systems / Part 3 Confidence in Outcomes / Conclusions / Proposed Statement of Work for Phase 3: Implementation / Reference

Mobile Identity, Credential, and Access Management Framework

Organizations today gather unprecedented quantities of data from their operations. This data is coming from transactions made by a person or from a connected system/application. From personal devices to industry including government, the internet has become the primary means of modern communication, further increasing the need for a method to track and secure these devices. Protecting the integrity of connected devices collecting data is critical to ensure the trustworthiness of the system. An organization must not only know the identity of the users on their networks and have the capability of tracing the actions performed by a user but they must trust the system providing them with this knowledge. This increase in the pace of usage of personal devices along with a lack of trust in the internet has driven demand for trusted digital identities. As the world becomes increasingly mobile with the number of smart phone users growing annually and the mobile web flourishing, it is critical to implement strong security on mobile devices. To manage the vast number of devices and feel confident that a machine’s identity is verifiable, companies need to deploy digital credentialing systems with a strong root of trust. As passwords are not a secure method of authentication, mobile devices and other forms of IoT require a means of two-factor authentication that meets NIST standards. Traditionally, this has been done with Public Key Infrastructure (PKI) through the use of a smart card. Blockchain technologies combined with PKI can be utilized in such a way as to provide an identity and access management solution for the internet of things (IoT). Improvements to the security of Radio Frequency Identification (RFID) technology and various implementations of blockchain make viable options for managing the identity and access of IoT devices. When PKI first began over two decades ago, it required the use of a smart card with a set of credentials known as the personal identity verification (PIV) card. The PIV card (something you have) along with a personal identification number (PIN) (something you know) were used to implement two-factor authentication. Over time the use of the PIV cards has proven challenging as mobile devices lack the integrated smart card readers found in laptop and desktop computers. Near Field Communication (NFC) capability in most smart phones and mobile devices provides a mechanism to allow a PIV card to be read by a mobile device. In addition, the existing PKI system must be updated to meet the demands of a mobile focused internet. Blockchain technology is the key to modernizing PKI. Together, blockchain-based PKI and NFC will provide an IoT solution that will allow industry, government, and individuals a foundation of trust in the world wide web that is lacking today

AN APPRAISAL OF TRADITIONAL AND MODERN METHODS OF SECURITY OF INFORMATION RESOURCES IN CHUKWUEMEKA ODUMEGWU OJUKWU UNIVERSITY LIBRARY

ABSTRACT This study carried out an appraisal of traditional and modern methods of security of information resources in Chukwuemeka Odumegwu Ojukwu University Library. The population of the study consists of 51 library staff, and sample size of the study was 44 library staff which was selected randomly using simple random sample techniques. Three research questions were formulated to guide this study. Data was collected using the questionnaire, and was analysed with descriptive statistics such as mean, and simple percentage. The study revealed that the traditional method of security of information resources used in Chukwuemeka Odumegwu Ojukwu University library includes: Security Clearance check at entrance/exit door, Library stamp at certain adopted pages of library books, Single Door Entry-Exit for Staff & User, Library cards as access entry authorization, Security Guards Employed to Patrol, Fire Extinguisher & Security Equipment, and Signature of every user. The study revealed that, the Modern method of security of information resources used in Chukwuemeka Odumegwu Ojukwu University library include: Air conditioner for Humidity control, CCTV camera, Use of password/ access code, and Digital Data Security Systems (like antivirus). The finding of the study revealed that the challenges facing the traditional and modern method of security of information resources use in Chukwuemeka Odumegwu Ojukwu University library include: Inadequate fund, Poor power supply, low policy implementation, inadequate professional librarian, and Inadequate library staff. Based on the finding the study recommended as follows: Library management should market library product and services to the users, and take advantage of fee based library services to generate more fund in addition to that coming from the parent institution; and Library management should take adequate measure to acquire big capacity solar energy, and big generator set for library services, to solve the issue of poor power supply

The Legal Aspects and the Enhanced Role of Cybersecurity in Protecting the Electronic Voting Process in the Context of Jordan Parliament Election Law No. (4) of 2022

This study, entitled: The legal aspects and the enhanced role of cybersecurity in protecting the electronic voting process , dealt with the concept of the electronic voting process, in addition to the most important characteristics of that process, as well as highlighting the pros and cons related to the electronic voting system. Then, the researchers singled out a proposed approach for the electronic voting process in terms of the adopted mechanism and cyber protection in accordance with the provisions of the Jordanian Election Law No. (4) of 2022. At the end of the research, the researchers recommended activating the text of Article 40 of the electoral law by issuing legislation that regulates the electronic voting process and enhances the protection of cyber security, and then updating the technical and legislative system of the Independent Election Commission and the Ministry of Political Development

A Touch of Evil: High-Assurance Cryptographic Hardware from Untrusted Components

The semiconductor industry is fully globalized and integrated circuits (ICs) are commonly defined, designed and fabricated in different premises across the world. This reduces production costs, but also exposes ICs to supply chain attacks, where insiders introduce malicious circuitry into the final products. Additionally, despite extensive post-fabrication testing, it is not uncommon for ICs with subtle fabrication errors to make it into production systems. While many systems may be able to tolerate a few byzantine components, this is not the case for cryptographic hardware, storing and computing on confidential data. For this reason, many error and backdoor detection techniques have been proposed over the years. So far all attempts have been either quickly circumvented, or come with unrealistically high manufacturing costs and complexity. This paper proposes Myst, a practical high-assurance architecture, that uses commercial off-the-shelf (COTS) hardware, and provides strong security guarantees, even in the presence of multiple malicious or faulty components. The key idea is to combine protective-redundancy with modern threshold cryptographic techniques to build a system tolerant to hardware trojans and errors. To evaluate our design, we build a Hardware Security Module that provides the highest level of assurance possible with COTS components. Specifically, we employ more than a hundred COTS secure crypto-coprocessors, verified to FIPS140-2 Level 4 tamper-resistance standards, and use them to realize high-confidentiality random number generation, key derivation, public key decryption and signing. Our experiments show a reasonable computational overhead (less than 1% for both Decryption and Signing) and an exponential increase in backdoor-tolerance as more ICs are added

Quantum surveillance and 'shared secrets'. A biometric step too far? CEPS Liberty and Security in Europe, July 2010

It is no longer sensible to regard biometrics as having neutral socio-economic, legal and political impacts. Newer generation biometrics are fluid and include behavioural and emotional data that can be combined with other data. Therefore, a range of issues needs to be reviewed in light of the increasing privatisation of ‘security’ that escapes effective, democratic parliamentary and regulatory control and oversight at national, international and EU levels, argues Juliet Lodge, Professor and co-Director of the Jean Monnet European Centre of Excellence at the University of Leeds, U

Secure and Trusted Execution:Past, Present, and Future - A Critical Review in the Context of the Internet of Things and Cyber-Physical Systems

International audienc