Secure Bitcoin Wallet

Virtuaalvaluutad ja mobiilne pangandus on tehnoloogilised uuendused, mis on rah- vusvahelises kogukonnas saamas kasvavat tähelepanu oma kättesaadavuse, mugavuse ja kiiruse tõttu. Populaarsuse kasv on kahjuks kaasa toonud ka suurenenud turvariski iden- titeedivarguste näol, tekitades ohu kasutajate anonüümsusele. Riske on võimalik vältida, kasutades krüptograafilisi meetmeid Bitcoini ja teiste hajutatud digitaalsete valuutade vastaste rünnete vähendamiseks sideliinil ning hoiustamisel. See ülevaade koondab erine- vad meetodid ja lahendused selliste rünnete vastu ning uurib nende tõhusust. Lisaks kir- jeldatakse turvalist Bitcoini rahakotti (Secure Bitcoin Wallet), mis on standardne Bitcoini ülekannete klient koos tõhustatud turvaomaduste ja -teenustega.Virtual currencies and mobile banking are technology advancements that are receiving increased attention in the global community because of their accessibility, convenience and speed. However, this popularity comes with growing security concerns, like increasing frequency of identity theft, leading to bigger problems which put user anonymity at risk. One possible solution for these problems is using cryptography to enhance security of Bitcoin or other decentralised digital currency systems and to decrease frequency of attacks on either communication channels or system storage. This report outlines various methods and solutions targeting these issues and aims to understand their effectiveness. It also describes Secure Bitcoin Wallet, standard Bitcoin transactions client, enhanced with various security features and services

Mobile forensics : analysis of the messaging application Signal.

This study reviewed if there are ways to recover messages, image, videos, and call logs within the mobile application Signal, developed by Open Whisper Systems. The purpose of this study was to research the data recovery as fact or fiction, while providing which tools and extraction methods produced more accurate results. Further research was needed to explore data recovered from an Android mobile device compared to an iOS mobile device. The forensic tools used to conduct this research included UFED 4PC (Universal Forensic Extraction Device), version 6.3.1.477 with an internal build version 4.7.1.477 and UFED Physical Analyzer version 6.3.11.36, developed by Cellebrite. The study also compared the results using Cellebrite to three different open source tools, iPhone Analyzer, iExplorer, and Autopsy. The meaning of open source can be a tool or program that is designed for specific tasks, yet the source code is openly published to the public. These tools or programs are free of charge unless the user opts to pay for the expanded versions. Overall, the results were dependent on the make and model of the mobile devices. Out of four different types of mobile devices, only one device produced viable results when it came to the Signal Application. The physical extraction from UFED 4PC and Physical Analyzer on the Android ZTE Z993 device was able to recover an abundant amount of data. The other three devices produced minimal results only showing the installation of the application, but no real message data using the UFED 4PC version 6.3.1.477 and UFED Physical Analyzer version 6.3.11.36 software. The three open source software, iPhone Analyzer, iExplorer, and Autopsy also produced minimal results with the exception of the Android ZTE Z993 device. Autopsy free version was able to parse the data missed by the Cellebrite commercial tools and recover some of the missing images within messages sent inside of the Signal Application

Forensic Authentication of WhatsApp Messenger Using the Information Retrieval Approach

The development of telecommunications has increased very rapidly since the internet-based instant messaging service has spread rapidly to Indonesia. WhatsApp is the most popular instant messaging application compared to other instant messaging services, according to the statista website users of WhatsApp services in 2018 showed significant growth by gathering 1.5 billion monthly active users or monthly active users (MAU). That number increased 14 percent compared to MAU WhatsApp in July 2017 which amounted to 1.3 billion. Daily active users aka DAU are in the range of one billion. WhatsApp handles more than 60 billion message exchanges between users around the world. This growth is predicted to continue to increase, along with the wider internet penetration. Along with WhatsApp updates with various features embedded in this application including Web-based Whatsapp for computers, this feature makes it easier for users to share data and can be synchronized with their smartphone or user's computer. Besides the positive side found in the application, WhatsApp also provides a security gap for user privacy, one of which is tapping conversations involving both smartphone and computer devices. The handling of crimes involving digital devices needs to be emphasized so that they can help the judicial process of the effects they have caused Mobile Forensics Investigation also took part in suppressing the misuse of WhatsApp's instant messaging service features, including investigating the handling of cases of WhatsApp conversations through a series of standard steps according to digital forensics procedures. Exploration of evidence (digital evidence) WhatsApp conversations will be a reference to the crime of telecommunication tapping which will then be carried out forensic investigation report involving evidence of the smartphone and computer of the victim. Keywords: Authentication, Mobile Forensics, Instant Messenger, and WhatsApp Messenger

Mobile Forensic Investigation on iOS & Android Smartphones: Case Study Investigation on WhatsApp

Following the exponential growth of information and communication technologies, the smartphone market, as well as advances in wireless data networks (3G and 4G), has accelerated. Mobile apps for social networking and instant messaging have been created by these firms. Other instant messaging (IM) smartphone programs like WhatsApp (WA), Viber, and IMO have also been created. WA is the most widely used instant messaging program. With WA, you can send and receive messages in a variety of formats, including text, voice, video, and documents. Various cybercrime incidents were committed through WA's. WA use leaves several artifacts that may be examined to detect the digital evidence. In addition, iOS and Android are two of the most popular smartphone operating systems. Because of this, the inquiry will involve the use of forensic investigative techniques and methodologies. Forensics on both iOS and Android cellphones were utilized to investigate a digital crime that was believed to have been perpetrated in WA. To conclude the investigation, we analyzed chat logs, phone records, and other media to gather proof. Legal framework and established processes were used to guarantee that evidence was preserved from change or destruction and that the witness's account was acceptable in court throughout the investigative process. It was finally stated that the inquiry and evidence had been presented. As a result, WA forensic artifacts might be evaluated and found effectively utilizing the mobile forensic procedure

Forensic analysis of open-source XMPP multi-client social networking apps on iOS devices

In this paper, we present forensic analysis of Monal and Siskin IM, two decentralized open-source XMPP multi-client social networking apps on iOS devices that provide anonymity and privacy using OMEMO end-to-end encryption. We identified databases maintained by each app and storage locations within the iOS file system that stores the local copies of user information and metadata. We analyzed the databases and storage locations for evidential data of forensic value. The results in this paper show a detailed analysis and correlation of data stored in each app's database to identify the local user's multiple IM accounts and contact list, contents of messages exchanged with contacts, and chronology of conversations. The focus and main contributions of this study include a detailed description of artifacts of forensic interest that can be used to aid mobile forensic investigations

Security Analysis of the Telegram IM

Tato diplomová práce se zabývá studiem programu Telegram a s ním souvisejícího protokolu MTProto. Zaměřuje se především na kryptografické zázemí protokolu, zdrojový kód Android aplikace, zkoumá datový přenos a porovnává stav aplikace s oficiální dokumentací. Dále analyzuje potencionální bezpečnostní slabiny a případně demonstruje jejich zneužití.This thesis is devoted to an analysis of the Telegram Messenger and the related MTProto protocol. It studies the cryptographic background of MTProto, the Android client source code and the generated network traffic. Additionally, it compares the application to its official documentation. Finally it discusses potential vulnerabilities and various attempts to exploit them

Evaluation and Identification of Authentic Smartphone Data

Mobile technology continues to evolve in the 21st century, providing end-users with mobile devices that support improved capabilities and advance functionality. This ever-improving technology allows smartphone platforms, such as Google Android and Apple iOS, to become prominent and popular among end-users. The reliance on and ubiquitous use of smartphones render these devices rich sources of digital data. This data becomes increasingly important when smartphones form part of regulatory matters, security incidents, criminal or civil cases. Digital data is, however, susceptible to change and can be altered intentionally or accidentally by end-users or installed applications. It becomes, therefore, essential to evaluate the authenticity of data residing on smartphones before submitting the data as potential digital evidence. This thesis focuses on digital data found on smartphones that have been created by smartphone applications and the techniques that can be used to evaluate and identify authentic data. Identification of authentic smartphone data necessitates a better understanding of the smartphone, the related smartphone applications and the environment in which the smartphone operates. Derived from the conducted research and gathered knowledge are the requirements for authentic smartphone data. These requirements are captured in the smartphone data evaluation model to assist digital forensic professionals with the assessment of smartphone data. The smartphone data evaluation model, however, only stipulates how to evaluate the smartphone data and not what the outcome of the evaluation is. Therefore, a classification model is constructed using the identified requirements and the smartphone data evaluation model. The classification model presents a formal classification of the evaluated smartphone data, which is an ordered pair of values. The first value represents the grade of the authenticity of the data and the second value describes the completeness of the evaluation. Collectively, these models form the basis for the developed SADAC tool, a proof of concept digital forensic tool that assists with the evaluation and classification of smartphone data. To conclude, the evaluation and classification models are assessed to determine the effectiveness and efficiency of the models to evaluate and identify authentic smartphone data. The assessment involved two attack scenarios to manipulate smartphone data and the subsequent evaluation of the effects of these attack scenarios using the SADAC tool. The results produced by evaluating the smartphone data associated with each attack scenario confirmed the classification of the authenticity of smartphone data is feasible. Digital forensic professionals can use the provided models and developed SADAC tool to evaluate and identify authentic smartphone data. The outcome of this thesis provides a scientific and strategic approach for evaluating and identifying authentic smartphone data, offering needed assistance to digital forensic professionals. This research also adds to the field of digital forensics by providing insights into smartphone forensics, architectural components of smartphone applications and the nature of authentic smartphone data.Thesis (PhD)--University of Pretoria, 2019.Computer SciencePhDUnrestricte

CloudMe forensics : a case of big-data investigation

The significant increase in the volume, variety and velocity of data complicates cloud forensic efforts, as such big data will, at some point, become computationally expensive to be fully extracted and analyzed in a timely manner. Thus, it is important for a digital forensic practitioner to have a well-rounded knowledge about the most relevant data artefacts that could be forensically recovered from the cloud product under investigation. In this paper, CloudMe, a popular cloud storage service, is studied. The types and locations of the artefacts relating to the installation and uninstallation of the client application, logging in and out, and file synchronization events from the computer desktop and mobile clients are described. Findings from this research will pave the way towards the development of tools and techniques (e.g. data mining techniques) for cloud-enabled big data endpoint forensics investigation

An Empirical Study on Android for Saving Non-shared Data on Public Storage

With millions of apps that can be downloaded from official or third-party market, Android has become one of the most popular mobile platforms today. These apps help people in all kinds of ways and thus have access to lots of user's data that in general fall into three categories: sensitive data, data to be shared with other apps, and non-sensitive data not to be shared with others. For the first and second type of data, Android has provided very good storage models: an app's private sensitive data are saved to its private folder that can only be access by the app itself, and the data to be shared are saved to public storage (either the external SD card or the emulated SD card area on internal FLASH memory). But for the last type, i.e., an app's non-sensitive and non-shared data, there is a big problem in Android's current storage model which essentially encourages an app to save its non-sensitive data to shared public storage that can be accessed by other apps. At first glance, it seems no problem to do so, as those data are non-sensitive after all, but it implicitly assumes that app developers could correctly identify all sensitive data and prevent all possible information leakage from private-but-non-sensitive data. In this paper, we will demonstrate that this is an invalid assumption with a thorough survey on information leaks of those apps that had followed Android's recommended storage model for non-sensitive data. Our studies showed that highly sensitive information from billions of users can be easily hacked by exploiting the mentioned problematic storage model. Although our empirical studies are based on a limited set of apps, the identified problems are never isolated or accidental bugs of those apps being investigated. On the contrary, the problem is rooted from the vulnerable storage model recommended by Android. To mitigate the threat, we also propose a defense framework

Elliptic Curve Cryptography Services for Mobile Operating Systems

Mobile devices as smartphones, tablets and laptops, are nowadays considered indispensable objects by most people in developed countries. A s personal and work assistant s , some of th e s e devices store , process and transmit sensitive and private data. Naturally , the number of mobile applications with integrated cryptographic mechanisms or offering security services has been significantly increasing in the last few years. Unfortunately, not all of those applications are secure by design, while other may not implement the cryptographic primitives correctly. Even the ones that implement them correctly may suffer from longevity problems, since cryptographic primitives that are considered secure nowadays may become obsolete in the next few years. Rivest, Shamir and Adleman (RSA) is an example of an widely used cryptosystem that may become depleted shorty . While the security issues in the mobile computing environment may be of median severity for casual users, they may be critical for several professional classes, namely lawyers, journalists and law enforcement agents. As such, it is important to approach these problems in a structured manner. This master’s program is focused on the engineering and implementation of a mobile application offering a series of security services. The application was engineered to be secure by design for the Windows Phone 8.1 Operating System (OS) which, at the time of writing this dissertation, was the platform with the most discreet offer in terms of applications of this type. The application provides services such as secure exchange of a cryptographic secret, encryption and digital signature of messages and files, management of contacts and encryption keys and secure password generation and storage. Part of the cryptographic primitives used in this work are from the Elliptic Curve Cryptography (ECC) theory, for which the discrete logarithm problem is believed to be harder and key handling is easier. The library defining a series of curves and containing the procedures and operations supporting the ECC primitives was implemented from scratch, since there was none available, comprising one of the contributions of this work. The work evolved from the analysis of the state-of-the-art to the requirements analysis and software engineering phase, thoroughly described herein, ending up with the development of a prototype. The engineering of the application included the definition of a trust model for the exchange of public keys and the modeling of the supporting database. The most visible outcomes of this master’s program are the fully working prototype of a mobile application offering the aforementioned security services, the implementation of an ECC library for the .NET framework, and this dissertation. The source code for the ECC library was made available online on GitHub with the name ECCryptoLib [Ana15]. Its development and improvement was mostly dominated by unit testing. The library and the mobile application were developed in C?. The level of security offered by the application is guaranteed via the orchestration and combination of state-of-the-art symmetric key cryptography algorithms, as the Advanced Encryption Standard (AES) and Secure Hash Algorithm 256 (SHA256) with the ECC primitives. The generation of passwords is done by using several sensors and inputs as entropy sources, which are fed to a cryptographically secure hash function. The passwords are stored in an encrypted database, whose encryption key changes every time it is opened, obtained using a Password-Based Key Derivation Function 2 (PBKDF2) from a master password. The trust model for the public keys designed in the scope of this work is inspired in Pretty Good Privacy (PGP), but granularity of the trust levels is larger.Dispositivos móveis como computadores portáteis, smartphones ou tablets, são, nos dias de hoje, considerados objectos indispensáveis pela grande maioria das pessoas residentes em países desenvolvidos. Por serem utilizados como assistentes pessoais ou de trabalho, alguns destes dispositivos guardam, processam e transmitem dados sensíveis ou privados. Naturalmente, o número de aplicações móveis com mecanismos criptográficos integrados ou que oferecem serviços de segurança, tem vindo a aumentar de forma significativa nos últimos anos. Infelizmente, nem todas as aplicações são seguras por construção, e outras podem não implementar as primitivas criptográficas corretamente. Mesmo aquelas que as implementam corretamente podem sofrer de problemas de longevidade, já que primitivas criptográficas que são hoje em dia consideradas seguras podem tornar-se obsoletas nos próximos anos. O Rivest, Shamir and Adleman (RSA) constitui um exemplo de um sistema criptográfico muito popular que se pode tornar obsoleto a curto prazo. Enquanto que os problemas de segurança em ambientes de computação móvel podem ser de média severidade para utilizadores casuais, estes são normalmente críticos para várias classes profissionais, nomeadamente advogados, jornalistas e oficiais da justiça. É, por isso, importante, abordar estes problemas de uma forma estruturada. Este programa de mestrado foca-se na engenharia e implementação de uma aplicação móvel que oferece uma série de serviços de segurança. A aplicação foi desenhada para ser segura por construção para o sistema operativo Windows Phone 8.1 que, altura em que esta dissertação foi escrita, era a plataforma com a oferta mais discreta em termos de aplicações deste tipo. A aplicação fornece funcionalidades como trocar um segredo criptográfico entre duas entidades de forma segura, cifra, decifra e assinatura digital de mensagens e ficheiros, gestão de contactos e chaves de cifra, e geração e armazenamento seguro de palavras-passe. Parte das primitivas criptográficas utilizadas neste trabalho fazem parte da teoria da criptografia em curvas elípticas, para a qual se acredita que o problema do logaritmo discreto é de mais difícil resolução e para o qual a manipulação de chaves é mais simples. A biblioteca que define uma série de curvas, e contendo os procedimentos e operações que suportam as primitivas criptográficas, foi totalmente implementada no âmbito deste trabalho, dado ainda não existir nenhuma disponível no seu início, compreendendo assim uma das suas contribuições. O trabalho evoluiu da análise do estado da arte para o levantamento dos requisitos e para a fase de engenharia de software, aqui descrita detalhadamente, culminando no desenvolvimento de um protótipo. A engenharia da aplicação incluiu a definição de um sistema de confiança para troca de chaves públicas e também modelação da base de dados de suporte. Os resultados mais visíveis deste programa de mestrado são o protótipo da aplicação móvel, completamente funcional e disponibilizando as funcionalidades de segurança acima mencionadas, a implementação de uma biblioteca Elliptic Curve Cryptography (ECC) para framework .NET, e esta dissertação. O código fonte com a implementação da biblioteca foi publicada online. O seu desenvolvimento e melhoramento foi sobretudo dominado por testes unitários. A biblioteca e a aplicação móvel foram desenvolvidas em C?. O nível de segurança oferecido pela aplicação é garantido através da orquestração e combinação de algoritmos da criptografia de chave simétrica atuais, como o Advanced Encryption Standard (AES) e o Secure Hash Algorithm 256 (SHA256), com as primitivas ECC. A geração de palavras-passe é feita recorrendo utilizando vários sensores e dispoitivos de entrada como fontes de entropia, que posteriormente são alimentadas a uma função de hash criptográfica. As palavras-passe são guardadas numa base de dados cifrada, cuja chave de cifra muda sempre que a base de dados é aberta, sendo obtida através da aplicação de um Password-Based Key Derivation Function 2 (PBKDF2) a uma palavrapasse mestre. O modelo de confiança para chaves públicas desenhado no âmbito deste trabalho é inspirado no Pretty Good Privacy (PGP), mas a granularidade dos níveis de confiança é superior