4 research outputs found
Secure Storage Model for Digital Forensic Readiness
Securing digital evidence is a key factor that contributes to evidence admissibility during digital forensic investigations, particularly in establishing the chain of custody of digital evidence. However, not enough is done to ensure that the environment and access to the evidence are secure. Attackers can go to extreme lengths to cover up their tracks, which is a serious concern to digital forensics – particularly digital forensic readiness. If an attacker gains access to the location where evidence is stored, they could easily alter the evidence (if not remove it altogether). Even though integrity checks can be performed to ensure that the evidence is sound, the collected evidence may contain sensitive information that an attacker can easily use for other forms of attack. To this end, this paper proposes a model for securely storing digital evidence captured pre- and post-incident to achieve reactive forensics. Various components were considered, such as integrity checks, environment sandboxing, strong encryption, two-factor authentication, as well as unique random file naming. A proof-of-concept tool was developed to realize this model and to prove its validity. A series of tests were conducted to check for system security, performance, and requirements validation, Overall, the results obtained showed that, with minimal effort, securing forensic artefacts is a relatively inexpensive and reliable feat. This paper aims to standardize evidence storage, practice high security standards, as well as remove the need to create new systems that achieve the same purpose
A Security Framework for Routing Protocols
With the rise in internet traffic surveillance and monitoring activities, the routing infrastructure has become an obvious target of attack as compromised routers can be used to stage large scale attacks. Routing protocols are also subjected to various threats such as capture and replay of packets that disclose the network information, forged routing control messages that may compromise a connection by deception, disruption of an on-going connection causing DoS attacks and spreading of unauthentic routing information in the network. Presently, strong cryptographic suites and key management mechanisms (IPsec and IKE) are available to secure host-to-host data communication but none of them focus on securing routing protocols. Today's routing protocols use a shared secret to perform mutual authentication and authorization, and depend on manual keying methods. For message integrity, they either rely on some built-in or external security feature that uses the same shared secret.
The KARP working group of the IETF identified that the work is required to tighten the security of the routing protocols and demonstrated that automated key management solutions are needed for increasing security. Towards this goal we propose the RPsec framework. RPsec provides a common baseline for development of KMPs for the routing protocols, supports both automated and manual key management, and overcomes the weakness of existing manual key methods
Using Large-Scale Empirical Methods to Understand Fragile Cryptographic Ecosystems
Cryptography is a key component of the security of the Internet.
Unfortunately, the process of using cryptography to secure the Internet is
fraught with failure. Cryptography is often fragile, as a single mistake can
have devastating consequences on security, and this fragility is further
complicated by the diverse and distributed nature of the Internet. This
dissertation shows how to use empirical methods in the form of Internet-wide
scanning to study how cryptography is deployed on the Internet, and shows
this methodology can discover vulnerabilities and gain insights into fragile
cryptographic ecosystems that are not possible without an empirical approach.
I introduce improvements to ZMap, the fast Internet-wide scanner, that allow
it to fully utilize a 10 GigE connection, and then use Internet-wide
scanning to measure cryptography on the Internet.
First, I study how Diffie-Hellman is deployed, and show that implementations
are fragile and not resilient to small subgroup attacks. Next, I measure the
prevalence of ``export-grade'' cryptography. Although regulations limiting
the strength of cryptography that could be exported from the United States
were lifted in 1999, Internet-wide scanning shows that support for various
forms of export cryptography remains widespread. I show how purposefully
weakening TLS to comply with these export regulations led to the FREAK,
Logjam, and DROWN vulnerabilities, each of which exploits obsolete
export-grade cryptography to attack modern clients. I conclude by discussing
how empirical cryptography improved protocol design, and I present further
opportunities for empirical research in cryptography.PHDComputer Science & EngineeringUniversity of Michigan, Horace H. Rackham School of Graduate Studieshttps://deepblue.lib.umich.edu/bitstream/2027.42/149809/1/davadria_1.pd