Authentication of electronic evidence in cybercrime cases based on Malaysian laws

Electronic evidence is one of the many forms of documentary evidence. It is stored and retrievable from electronic devices such as computers and smartphones, particularly in the their hard disks or memory banks. However, due to the fragile nature of electronic evidences, it is prone or susceptible to damage or alteration, as well as destruction due to improper handling or safe keeping. Since it can easily be tampered with or self-deteriorate,establishing the authenticity and reliability of electronic evidence is a technical task. Meanwhile, states of affairs would cause such electronic evidence to be inadmissible or carries low or no weightage whatsoever by the court, thus undermining the prosecution’s or the plaintiff’s case, as the case may be. In order to ensure such evidence is admissible and carry the expected weightage, relevant parties must first prove the authenticity of such evidence and subsequently on its reliability and relevancy. Nevertheless, in cybercrime cases, proving the crime is actually a technical challenge, where the responsible personnel are required to understand what is electronic evidence, how to extract and preserve the originality of such evidence and the laws governing electronic evidence, as well as cybercrimes. This article attempts to explain the scope of electronic evidence in relation to criminal cases such as in cybercrimes, as far as its admissibility and weightage are concerned. The discussion will be based on Malaysian and common laws

Decentralised and Collaborative Auditing of Workflows

Workflows involve actions and decision making at the level of each participant. Trusted generation, collection and storage of evidence is fundamental for these systems to assert accountability in case of disputes. Ensuring the security of audit systems requires reliable protection of evidence in order to cope with its confidentiality, its integrity at generation and storage phases, as well as its availability. Collusion with an audit authority is a threat that can affect all these security aspects, and there is room for improvement in existent approaches that target this problem. This work presents an approach for workflow auditing which targets security challenges of collusion-related threats, covers different trust and confidentiality requirements, and offers flexible levels of scrutiny for reported events. It relies on participants verifying each other's reported audit data, and introduces a secure mechanism to share encrypted audit trails with participants while protecting their confidentiality. We discuss the adequacy of our audit approach to produce reliable evidence despite possible collusion to destroy, tamper with, or hide evidence

Estudio cualitativo de la relación de las leyes y la pericia informática en el Ecuador

Resumen: El presente trabajo analiza cualitativamente las leyes vigentes en el Ecuador relacionadas a los procesos de la pericia informática. Para aquello, se estudia los pasos empleados por un perito de la Policía Nacional en el desarrollo de los casos de delito informático, suscitados en el periodo 2012-2014, que implican la evidencia digital en: disco duros, cuentas de correo electrónico, redes sociales y motor de base datos. Apartir de los casos analizados, se puede concluir que la ley contempla una mayor cantidad de artículos relacionados a las bases de datos. Sin embargo, se tendría que analizar otros tipos de evidencia digital tales como: documentos de ofimática, imágenes digitales, ficheros de registros de actividad, memoria volátil, entre otros. Palabras Clave: Pericia Informática, evidencia digital, perito informático, Código Orgánico Integral Penal (COIP)

Keperluan Prosedur Operasi Standard dalam Penerimaan Dokumen Digital di Mahkamah Sivil Malaysia

Keperluan dalam memastikan kebolehgunaan dan kebolehpercayaan dokwnen digital di mahkamah merupakan salah satu penentu kebolehterimaan dokumen digital sebagai kaedah pembuktian di mahkamah. Oleh itu, bagi mengekalkan keasliannya, dokumen digital perlu dinilai secara betul dengan menggunakan prosedur khusus supaya bukti tersebut terlindung daripada diceroboh dan diubah lantas memastikan ia diterima sebagai bukti, khususnya di mahkamah sivil. Walau bagaimanapun, masih tiada kajian yang membincangkan aspek keperluan prosedur operasi standard (SOP) dalam kebolehterimaan dokumen digital di mahkamah sivil walaupun secara umumnya mahkamah sivil telah pun mengguna pakai dokumen digital sebagai bukti sejak tahun 1950-an. Oleh itu, kajian ini akan membincangkan kedudukan dokumen digital di mahkamah sivil, enakmen, dan peruntukan berkaitan penggunaannya serta SOP untuk menggunakan dokumen digital sebagai bukti khususnya di mahkamah sivil. Kajian ini juga mengguna.kan kaedah kualitatif dengan mengumpul data daripada sumber primer dan sumber sekunder yang kemudiannya dianalisis menggunakan kaedah analisis kandungan. Kajian mendapati bahawa satu SOP tentang penerimaan dokumen digital di mahkamah sivil adalah sangat penting dan sesuai dengan undang­ undang untuk memastikan bahawa bukti yang dikemukakan adalah sahih dan boleh dipercayai, seperti yang digariskan oleh mahkamah. Hasil kajian ini juga menunjukkan bahawa ia boleh dijadikan sebagai rujukan oleh para hakim dan pengamal undang-undang sivil untuk membuat pertimbangan adil terhadap isu berkaitan dengan dokumen digital sebagai salah satu bentuk kaedah pembuktian khususnya di mahkamah sivil

Security Analysis of System Behaviour - From "Security by Design" to "Security at Runtime" -

The Internet today provides the environment for novel applications and processes which may evolve way beyond pre-planned scope and purpose. Security analysis is growing in complexity with the increase in functionality, connectivity, and dynamics of current electronic business processes. Technical processes within critical infrastructures also have to cope with these developments. To tackle the complexity of the security analysis, the application of models is becoming standard practice. However, model-based support for security analysis is not only needed in pre-operational phases but also during process execution, in order to provide situational security awareness at runtime. This cumulative thesis provides three major contributions to modelling methodology. Firstly, this thesis provides an approach for model-based analysis and verification of security and safety properties in order to support fault prevention and fault removal in system design or redesign. Furthermore, some construction principles for the design of well-behaved scalable systems are given. The second topic is the analysis of the exposition of vulnerabilities in the software components of networked systems to exploitation by internal or external threats. This kind of fault forecasting allows the security assessment of alternative system configurations and security policies. Validation and deployment of security policies that minimise the attack surface can now improve fault tolerance and mitigate the impact of successful attacks. Thirdly, the approach is extended to runtime applicability. An observing system monitors an event stream from the observed system with the aim to detect faults - deviations from the specified behaviour or security compliance violations - at runtime. Furthermore, knowledge about the expected behaviour given by an operational model is used to predict faults in the near future. Building on this, a holistic security management strategy is proposed. The architecture of the observing system is described and the applicability of model-based security analysis at runtime is demonstrated utilising processes from several industrial scenarios. The results of this cumulative thesis are provided by 19 selected peer-reviewed papers

A Concept for a Trustworthy Integration of Smartphones in Business Environments

Smartphones are commonly used within business environments nowadays. They provide sophisticated communicational means which go far beyond simple telephone capabilities. Email access and particular apps on the device are examples of their versatile abilities. While these features allow them to be used in a very flexible way, e.g. in different infrastructures, they impose new threats to their surrounding infrastructure. For example, if used in an environment which allows the installation of custom apps, malicious software may be placed on the device. In order to mitigate these threats, a detailed awareness combined with the possibility to enforce certain constraints on such devices need to be established. In detail, it is necessary to include such devices into a decision making process which decides about the policy compliance of such devices. The policy used in this process defines the rules which apply to the particular infrastructure, e.g. if custom apps are allowed or if a specific software version may not be allowed. However, even when relying on this process, there is one limitation as it does not include a trust-based evaluation. This leads to the problem that a malicious smartphone might compromise the information used for the decision making process which should determine the policy compliance of this device. This renders the overall approach ineffective as the decision wether a device is policy compliant or not may be false. Given that, the thesis presented here provides means to evaluate the trustworthiness of such information to allow a trustworthy decision making about the policy compliance. It therefore introduces two things: (1) a generic trust model for such environments and (2) a domain-specific extension called Trustworthy Context-related Signature and Anomaly Detection system for Smartphones (TCADS). The trust model (1) allows to specify, to calculate and to evaluate trust for the information used by the decision making process. More in detail, the trust founding process of (1) is done by introducing so-called security properties which allow to rate the trustworthiness of certain aspects. The trust model does not limit these aspects to a particular type. That is, device-specific aspects like the number of installed apps or the current version of the operating system may be used as well as device independent aspects like communicational parameters. The security properties defined in (1) are then used to calculate an overall trust level, which provides an evaluable representation of trust for the information used by the decision making process. The domain-specific extension (2) uses the trust model and provides a deployable trust-aware decision making solution for smartphone environments. The resulting system, TCADS, allows not only to consider trust within the decisions about the policy compliance but also enables to base the decisions solely on the trust itself. Besides the theoretical specification of the trust model (1) and the domain-specific extension (2), a proof of concept implementation is given. This implementation leverages both, the abilities of the generic trust model (1) as well as the abilities of the TCADS system (2), thus providing a deployable set of programs. Using this proof of concept implementation, an assessment shows the benefits of the proposed concept and its practical relevance. A conclusion and an outlook to future work extending this approach is given at the end of this thesis.Smartphones sind in heutigen Unternehmensnetzen mittlerweile nicht mehr wegzudenken. Über einfache Telefonie-basierte Fähigkeiten hinaus bieten sie Eigenschaften wie zum Beispiel Email-Zugriff oder hohe Anpassbarkeit auf Basis von Apps. Obwohl diese Funktionalitäten eine vielseitige Nutzung solcher Smartphones erlauben, stellen sie gleichzeitig eine neuartige Bedrohung für die umgebende Infrastruktur dar. Erlaubt eine spezifische Umgebung beispielsweise die Installation von eigenen Apps auf dem Smartphone, so ist es über diesen Weg möglich, Schadprogramme auf dem Gerät zu platzieren. Um diesen Bedrohungen entgegenzuwirken, ist es zum einen nötig Smartphones in der jeweiligen Umgebung zu erkennen und zum anderen, Richtlinien auf den jeweiligen Geräten durchsetzen zu können. Die durchzusetzenden Richtlinien legen fest, welche Einschränkungen für die jeweilige Umgebung gelten, z.B. die Erlaubnis zur Installation von eigenen Apps oder die Benutzung einer bestimmten Softwareversion. Aber auch wenn eine entsprechende Lösung zur Einbeziehung von Smartphones in die Infrastruktur verwendet wird, bleibt ein Problem ungelöst: die Betrachtung der Vertrauenswürdigkeit von durch das Smartphone bereitgestellten Informationen. Diese Einschränkung führt zu dem Problem, dass ein entsprechend kompromittiertes Smartphone die Informationen, welche zur Entscheidungsfindung über die Richtlinienkonformität des Gerätes verwendet werden, in einer Art und Weise ändert, welche den gesamten Entscheidungsprozess ineffizient und somit wirkungslos macht. Die hier vorliegende Arbeit stellt daher einen neuen Ansatz vor um einen vertrauenswürdigen Entscheidungsprozess zur Regelkonformität des Gerätes zu ermöglichen. Im Detail werden dazu zwei Ansätze vorgestellt: (1) Ein generisches Modell für Vertrauensürdigkeit sowie eine (2) domänenspezifische Abbildung dieses Modells, welches als Trustworthy Context-related Signature and Anomaly Detection system for Smartphones (TCADS) bezeichnet wird. Das Modell für Vertrauenswürdigkeit (1) erlaubt die Definition, Berechnung und Auswertung von Vetrauenswürdigkeit für Informationen welche im Entscheidungsprozess verwendet werden. Im Detail basiert die Vertrauenswürdigkeitsbestimmung auf Grundfaktoren für Vertrauen, den sogenannten Sicherheitseigenschaften. Diese Eigenschaften bewerten die Vertrauenswürdigkeit anhand von bestimmten Aspekten die entweder gerätespezifisch und Geräteunabhängig sein können. Basierend auf dieser Bewertung wird dann eine Gesamtvertrauenswürdigkeit, der sogenannte Trust Level berechnet. Dieser Trust Level erlaubt die Berücksichtigung der Vertrauenswürdigkeit bei der Entscheidungsfindung. Teil (2) der Lösung stellt, basierend auf dem Modell der Vertrauenswürdigkeit, ein System zur vertrauensbasierten Entscheidungsfindung in Smartphone Umgebungen bereit. Mit diesem System, TCADS, ist es nicht nur möglich, Entscheidungen auf ihre Korrektheit bezüglich der Vertrauenswürdigkeit zu prüfen, sondern auch Entscheidungen komplett auf Basis der Vertrauenswürdigkeit zu fällen. Neben dem allgemeingültigen Modell (1) und dem daraus resultierenden domänenspezifischen System (2), stellt die Arbeit außerdem einen Tragfähigkeitsnachweis in Form einer Referenzimplementierung bereit. Diese Implementierung nutzt sowohl Fähigkeiten des Modells der Vertrauenswürdigkeit (1) als auch des TCADS Systems (2) und stellt ein nutzbares Set von Programmen bereit. Eine Evaluierung basierend auf diesem Tragfähigkeitsnachweis zeigt die Vorteile und die Praktikabilität der vorgestellten Ansätze. Abschließend findet sich eine Zusammenfassung der Arbeit sowie ein Ausblick auf weiterführende Fragestellungen