20 research outputs found

    Forensic Collection of Electronic Evidence from Infrastructure-As-a-Service Cloud Computing

    As cloud computing becomes ubiquitous, the criminal targeting and criminal use of cloud computing is inevitable and imminent. Similarly, the need for civil forensic analyses of cloud computing has become more prevalent. Forensic investigation of cloud computing matters first requires an understanding of the technology and issues associated with the collection of electronically stored information (“ESI”) in the cloud. The misuse of the broad term “cloud computing” has caused some confusion and misinformation among legal and technology scholars, leading to a muddied and incomplete analysis of cloud-based discovery issues. Cases and academic analyses have dealt primarily with popular online services such as Gmail and Facebook, but they omit discussions of commercial cloud computing providers’ fundamental infrastructure offerings.

    Understanding Issues in Cloud Forensics: Two Hypothetical Case Studies

    The inevitable vulnerabilities and criminal targeting of cloud environments demand an understanding of how digital forensic investigations of the cloud can be accomplished. We present two hypothetical case studies of cloud crimes: child pornography being hosted in the cloud, and a compromised cloud-based website. Our cases highlight shortcomings of current forensic practices and laws. We describe significant challenges with cloud forensics, including forensic acquisition, evidence preservation and chain of custody, and open problems for continued research.

    Keywords: Cloud computing, cloud forensics, digital forensics, case studies

    Privacy, Security, and Usability Tradeoffs of Telehealth from Practitioners' Perspectives

    The COVID-19 pandemic has significantly transformed the healthcare sector, with telehealth services being among the most prominent changes. The adoption of telehealth services, however, has raised new challenges, particularly in the areas of security and privacy. To better comprehend the telehealth needs and concerns of medical professionals, particularly those in private practice, we conducted a study comprising 20 semi-structured interviews with telehealth practitioners in audiology and speech therapy. Our findings indicate that private telehealth practitioners encounter difficult choices when it comes to balancing security, privacy, usability, and accessibility, particularly while caring for vulnerable populations. Additionally, the study revealed that practitioners face challenges in ensuring HIPAA compliance due to inadequate resources and a lack of technological comprehension. Policymakers and healthcare providers should take proactive measures to address these challenges, including offering resources and training to ensure HIPAA compliance and enhancing technology infrastructure to support secure and accessible telehealth.

    Battle Ground: Data Collection and Labeling of CTF Games to Understand Human Cyber Operators

    Industry standard frameworks are now widespread for labeling the high-level stages and granular actions of attacker and defender behavior in cyberspace. While these labels are used for atomic actions, and to some extent for sequences of actions, there remains a need for labeled data from realistic full-scale attacks. This data is valuable for better understanding human actors' decisions, behaviors, and individual attributes. The analysis could lead to more effective attribution and disruption of attackers. We present a methodological approach and exploratory case study for systematically analyzing human behavior during a cyber offense/defense capture-the-flag (CTF) game. We describe the data collection and analysis to derive a metric called keystroke accuracy. After collecting players' commands, we label them using the MITRE ATT&CK framework with a new tool called Pathfinder. We present results from a preliminary analysis of participants' keystroke accuracy and its relation to score outcome in CTF games. We describe the frequency of action classification within the MITRE ATT&CK framework and discuss some of the mathematical trends suggested by our observations. We conclude with a discussion of extensions for the methodology, including performance evaluation during games and the potential use of this methodology for training artificial intelligence.

    Comment: 9 pages, accepted to the 2023 Workshop on Cyber Security Experimentation and Test (CSET).

    Emergent (In)Security of Multi-Cloud Environments

    As organizations increasingly use cloud services to host their IT infrastructure, there is a need to share data among these cloud-hosted services and systems. A majority of IT organizations have workloads spread across different cloud service providers, growing their multi-cloud environments. When an organization grows its multi-cloud environment, the threat vectors and vulnerabilities for its cloud systems and services grow as well. The increase in the number of attack vectors creates the challenge of how to prioritize mitigations and countermeasures to best defend a multi-cloud environment against attacks. Utilizing multiple industry standard risk analysis tools, we conducted an analysis of multi-cloud threat vectors enabling calculation and prioritization of the identified mitigations and countermeasures. The prioritizations from the analysis showed that authentication and architecture are the highest-risk areas of threat vectors. Armed with this data, IT managers are able to more appropriately budget cybersecurity expenditure to implement the most impactful mitigations and countermeasures.

    Systemic Risk and Vulnerability Analysis of Multi-cloud Environments

    With the increasing use of multi-cloud environments, security professionals face challenges in configuration, management, and integration due to uneven security capabilities and features among providers. As a result, a fragmented approach toward security has been observed, leading to new attack vectors and potential vulnerabilities. Other research has focused on single-cloud platforms or specific applications of multi-cloud environments. Therefore, there is a need for a holistic security and vulnerability assessment and defense strategy that applies to multi-cloud platforms. We perform a risk and vulnerability analysis to identify attack vectors from software, hardware, and the network, as well as interoperability security issues in multi-cloud environments. Applying the STRIDE and DREAD threat modeling methods, we present an analysis of the ecosystem across six attack vectors: cloud architecture, APIs, authentication, automation, management differences, and cybersecurity legislation. We quantitatively determine and rank the threats in multi-cloud environments and suggest mitigation strategies.

    Comment: 27 pages, 9 figures.

    Sonification with music for cybersecurity situational awareness

    Presented at the 25th International Conference on Auditory Display (ICAD 2019), 23-27 June 2019, Northumbria University, Newcastle upon Tyne, UK.

    Cyber defenders work in stressful, information-rich, and high-stakes environments. While other researchers have considered sonification for security operations centers (SOCs), the mappings of network events to sound parameters have produced aesthetically unpleasing results. This paper proposes a novel sonification process for transforming data about computer network traffic into music. The musical cues relate to notable network events in such a way as to minimize the amount of training time a human listener would need in order to make sense of the cues. We demonstrate our technique on a dataset of 708 million authentication events over nine continuous months from an enterprise network. We illustrate a volume-centric approach in relation to the amplitude of the input data, and also a volumetric approach mapping the input data signal into the number of notes played. The resulting music prioritizes aesthetics over bandwidth to balance performance with adoption.

    Invisible Security: Protecting Users with No Time to Spare

    Presented online via Bluejeans Events and in-person in the CODA Building, 9th floor atrium, on November 5, 2021 at 12:30 p.m.

    Dr. Josiah Dykstra is a Technical Fellow in the Cybersecurity Collaboration Center at the National Security Agency (NSA). He advises leadership and employees on technical matters for integrated cybersecurity operations and provides overall technical direction on projects and programs that enable high-impact operational effects in the cyber domain and deny adversaries the ability to influence, exploit, or threaten cyber and information infrastructure domains.

    Runtime: 45:11 minutes

    For over 50 years, the cybersecurity community has sought to protect vulnerable systems and users from victimization. Despite ongoing and valiant work at adoption and usability, some users cannot or will not avail themselves of necessary cybersecurity measures. Average, non-expert users—particularly those in small businesses—cannot afford to devote time to cybersecurity. Instead of accepting the risk of no security, alternatives are possible which achieve both security outcomes and conservation of time. In this talk, we explore the paradigm of invisible security, focused on creating cyber defenses that occur automatically without end user intervention. We present examples consistent with this approach in existence today, including automatic software updates and protective DNS. Then we describe how invisible defenses may aid potential beneficiaries in health care, the defense industrial base, and the general public. Finally, we present benefits and limitations of the approach and propose areas of future research and innovation.