Forensic applications of analog memory: the digital evidence bag

Digital evidence is electronic data that \has the potential to make the factual account of either party more probable or less probable than it would be without the evidence" [1]. We consider digital evidence stored on a physical memory device, collected in the fi eld and transported to a lab where the digital content is stored and analyzed. Digital Forensics is the area of study that deals with the science behind this process, as well as establishing best practices and legal requirements. The core aspects of digital forensics are preserving evidence integrity and the chain of custody during the handling and storage of the evidence [2]. In this thesis, we look specifi cally at digital evidence where only digital data is collected (such as forensic photography), as opposed to digital evidence that also includes the storage medium (such as seized mobile phones). We review the existing procedures used for collecting and transporting evidence and explore how these processes could be improved to better suit this kind of digital evidence. The fi eld of Information Security deals with providing con fidentiality and integrity of data, along with authentication and non-repudiation of both data and entities [3]. This is a widely researched and well developed area with many commercial applications, the most well known being internet security. We review and categorize the existing technologies used in information security into four avenues of approach based upon the fundamental security concepts of each: cryptography, widely witnessed, hardware security and exploitation of manufacturing defects. Many information security systems incorporate several of these approaches which leads to the overall security of the system being improved. The aims of Digital Forensics and Information Security are similar, however the processes and systems used are very different. This partly reflects that digital forensics is usually subject to a greater level of legal scrutiny, but it also highlights that there are potentially opportunities to improve the processes and systems used. Hence we develop the concept of a \digital evidence bag" (DEB), a device for the secure transport of digital evidence that has the same requirements as physical evidence bags: tamper-evident, unforgeable and clean. To achieve these requirements through technological solutions, we look at technology used in Information Security along with traditional forensic processes and explore how they can be adapted to create a DEB. Given the nature of digital data, it is easy to produce exact copies and edit the data with- out loss of quality. From a forensics point of view, this strips out a lot of the imperfections that are usually exploited in the traditional forensic processes. However the technology used to build digital memory is still inherently analog and has non-ideal characteristics, which are usually obfuscated in the digital application space. We show how these characteristics can be exploited to achieve the DEB requirements. We explore how a digital fi ngerprint for conventional digital memory could be used to meet the requirements of the DEB. We also propose a DEB based on analog memory cells which offers a novel method to meet the requirements.Thesis (MPhil) -- University of Adelaide, School of Electrical and Electronic Engineering, 202

Secure portable execution and storage environments: A capability to improve security for remote working

Remote working is a practice that provides economic benefits to both the employing organisation and the individual. However, evidence suggests that organisations implementing remote working have limited appreciation of the security risks, particularly those impacting upon the confidentiality and integrity of information and also on the integrity and availability of the remote worker’s computing environment. Other research suggests that an organisation that does appreciate these risks may veto remote working, resulting in a loss of economic benefits. With the implementation of high speed broadband, remote working is forecast to grow and therefore it is appropriate that improved approaches to managing security risks are researched. This research explores the use of secure portable execution and storage environments (secure PESEs) to improve information security for the remote work categories of telework, and mobile and deployed working. This thesis with publication makes an original contribution to improving remote work information security through the development of a body of knowledge (consisting of design models and design instantiations) and the assertion of a nascent design theory. The research was conducted using design science research (DSR), a paradigm where the research philosophies are grounded in design and construction. Following an assessment of both the remote work information security issues and threats, and preparation of a set of functional requirements, a secure PESE concept was defined. The concept is represented by a set of attributes that encompass the security properties of preserving the confidentiality, integrity and availability of the computing environment and data. A computing environment that conforms to the concept is considered to be a secure PESE, the implementation of which consists of a highly portable device utilising secure storage and an up-loadable (on to a PC) secure execution environment. The secure storage and execution environment combine to address the information security risks in the remote work location. A research gap was identified as no existing ‘secure PESE like’ device fully conformed to the concept, enabling a research problem and objectives to be defined. Novel secure storage and execution environments were developed and used to construct a secure PESE suitable for commercial remote work and a high assurance secure PESE suitable for security critical remote work. The commercial secure PESE was trialled with an existing telework team looking to improve security and the high assurance secure PESE was trialled within an organisation that had previously vetoed remote working due to the sensitivity of the data it processed. An evaluation of the research findings found that the objectives had been satisfied. Using DSR evaluation frameworks it was determined that the body of knowledge had improved an area of study with sufficient evidence generated to assert a nascent design theory for secure PESEs. The thesis highlights the limitations of the research while opportunities for future work are also identified. This thesis presents ten published papers coupled with additional doctoral research (that was not published) which postulates the research argument that ‘secure PESEs can be used to manage information security risks within the remote work environment’