Deployment of Keystroke Analysis on a Smartphone

The current security on mobile devices is often limited to the Personal Identification Number (PIN), a secretknowledge based technique that has historically demonstrated to provide ineffective protection from misuse. Unfortunately, with the increasing capabilities of mobile devices, such as online banking and shopping, the need for more effective protection is imperative. This study proposes the use of two-factor authentication as an enhanced technique for authentication on a Smartphone. Through utilising secret-knowledge and keystroke analysis, it is proposed a stronger more robust mechanism will exist. Whilst keystroke analysis using mobile devices have been proven effective in experimental studies, these studies have only utilised the mobile device for capturing samples rather than the more computationally challenging task of performing the actual authentication. Given the limited processing capabilities of mobile devices, this study focuses upon deploying keystroke analysis to a mobile device utilising numerous pattern classifiers. Given the trade-off with computation versus performance, the results demonstrate that the statistical classifiers are the most effective

A user-oriented network forensic analyser: the design of a high-level protocol analyser

Network forensics is becoming an increasingly important tool in the investigation of cyber and computer-assisted crimes. Unfortunately, whilst much effort has been undertaken in developing computer forensic file system analysers (e.g. Encase and FTK), such focus has not been given to Network Forensic Analysis Tools (NFATs). The single biggest barrier to effective NFATs is the handling of large volumes of low-level traffic and being able to exact and interpret forensic artefacts and their context – for example, being able extract and render application-level objects (such as emails, web pages and documents) from the low-level TCP/IP traffic but also understand how these applications/artefacts are being used. Whilst some studies and tools are beginning to achieve object extraction, results to date are limited to basic objects. No research has focused upon analysing network traffic to understand the nature of its use – not simply looking at the fact a person requested a webpage, but how long they spend on the application and what interactions did they have with whilst using the service (e.g. posting an image, or engaging in an instant message chat). This additional layer of information can provide an investigator with a far more rich and complete understanding of a suspect’s activities. To this end, this paper presents an investigation into the ability to derive high-level application usage characteristics from low-level network traffic meta-data. The paper presents a three application scenarios – web surfing, communications and social networking and demonstrates it is possible to derive the user interactions (e.g. page loading, chatting and file sharing ) within these systems. The paper continues to present a framework that builds upon this capability to provide a robust, flexible and user-friendly NFAT that provides access to a greater range of forensic information in a far easier format

Chimbote in the Blue Revolution, 1940-1980

This paper looks at how the export-led growth and dependent development pursued by Peruvian politicians and capitalists produced a new nature in Chimbote. Starting in 1955, Peruvians extracted incalculable wealth from its ocean, and erected the world's largest fishing industry, centered on the production of fishmeal, a high-protein hog- and chicken-feed additive. Two decades of unrestrained exploitation of the country's natural resources and unregulated industrialization produced an ecological catastrophe in Chimbote, the center of the fishmeal industry. In 1940, it had been a serene village of 4,000; thirty years later it had become the world’s biggest fishing port, a ‘tragic city’ in which some 200,000 people lived amid thirty disturbingly polluting fishmeal processing factories. The once clear and fecund bay had become a cesspool of industrial and human wastes: Chimbote had been sacrificed to the nation's pursuit of capitalist development. This chapter decenters narratives of economic development and the environmental impact of industrialization. Most studies of Peru’s postwar industrial boom have focused on the Lima-Callao metropolitan area, to the exclusion of the vast majority of the rest of the nation. By shifting the focus from Lima to the intersections of nature, labor, and politics of rapid industrialization on the postwar Peruvian coast, we can better understand how elite schemes emanating from the metropole have impacted the people and ecologies of the periphery.This paper looks at how the export-led growth and dependent development pursued by Peruvian politicians and capitalists produced a new nature in Chimbote. Starting in 1955, Peruvians extracted incalculable wealth from its ocean, and erected the world's largest fishing industry, centered on the production of fishmeal, a high-protein hog- and chicken-feed additive. Two decades of unrestrained exploitation of the country's natural resources and unregulated industrialization produced an ecological catastrophe in Chimbote, the center of the fishmeal industry. In 1940, it had been a serene village of 4,000; thirty years later it had become the world’s biggest fishing port, a ‘tragic city’ in which some 200,000 people lived amid thirty disturbingly polluting fishmeal processing factories. The once clear and fecund bay had become a cesspool of industrial and human wastes: Chimbote had been sacrificed to the nation's pursuit of capitalist development. This chapter decenters narratives of economic development and the environmental impact of industrialization. Most studies of Peru’s postwar industrial boom have focused on the Lima-Callao metropolitan area, to the exclusion of the vast majority of the rest of the nation. By shifting the focus from Lima to the intersections of nature, labor, and politics of rapid industrialization on the postwar Peruvian coast, we can better understand how elite schemes emanating from the metropole have impacted the people and ecologies of the periphery.This paper looks at how the export-led growth and dependent development pursued by Peruvian politicians and capitalists produced a new nature in Chimbote. Starting in 1955, Peruvians extracted incalculable wealth from its ocean, and erected the world's largest fishing industry, centered on the production of fishmeal, a high-protein hog- and chicken-feed additive. Two decades of unrestrained exploitation of the country's natural resources and unregulated industrialization produced an ecological catastrophe in Chimbote, the center of the fishmeal industry. In 1940, it had been a serene village of 4,000; thirty years later it had become the world’s biggest fishing port, a ‘tragic city’ in which some 200,000 people lived amid thirty disturbingly polluting fishmeal processing factories. The once clear and fecund bay had become a cesspool of industrial and human wastes: Chimbote had been sacrificed to the nation's pursuit of capitalist development. This chapter decenters narratives of economic development and the environmental impact of industrialization. Most studies of Peru’s postwar industrial boom have focused on the Lima-Callao metropolitan area, to the exclusion of the vast majority of the rest of the nation. By shifting the focus from Lima to the intersections of nature, labor, and politics of rapid industrialization on the postwar Peruvian coast, we can better understand how elite schemes emanating from the metropole have impacted the people and ecologies of the periphery

A Process to Produce Battery Grade Silicon from Natural Halloysite Clay

We demonstrate the production of silicon from a clay mineral, halloysite, as a low-cost silicon source for high-energy anodes in aviation batteries. The halloysite-derived silicon demonstrated 1800 mAh/g capacity after formation cycles, comparable to other developing silicon materials

A forensically-enabled IASS cloud computing architecture

Current cloud architectures do not support digital forensic investigators, nor comply with today’s digital forensics procedures largely due to the dynamic nature of the cloud. Whilst much research has focused upon identifying the problems that are introduced with a cloud-based system, to date there is a significant lack of research on adapting current digital forensic tools and techniques to a cloud environment. Data acquisition is the first and most important process within digital forensics – to ensure data integrity and admissibility. However, access to data and the control of resources in the cloud is still very much provider-dependent and complicated by the very nature of the multi-tenanted operating environment. Thus, investigators have no option but to rely on cloud providers to acquire evidence, assuming they would be willing or are required to by law. Furthermore, the evidence collected by the Cloud Service Providers (CSPs) is still questionable as there is no way to verify the validity of this evidence and whether evidence has already been lost. This paper proposes a forensic acquisition and analysis model that fundamentally shifts responsibility of the data back to the data owner rather than relying upon a third party. In this manner, organisations are free to undertaken investigations at will requiring no intervention or cooperation from the cloud provider. The model aims to provide a richer and complete set of admissible evidence than what current CSPs are able to provide

Advanced user authentification for mobile devices

Access to the full-text thesis is no longer available at the author's request, due to 3rd party copyright restrictions. Access removed on 28.11.2016 by CS (TIS).Metadata merged with duplicate record ( http://hdl.handle.net/10026.1/1101 - now deleted) on 20.12.2016 by CS (TIS).Recent years have witnessed widespread adoption of mobile devices. Whereas initial popularity was driven by voice telephony services, capabilities are now broadening to allow an increasing range of data orientated services. Such services serve to extend the range of sensitive data accessible through such devices and will in turn increase the requirement for reliable authentication of users. This thesis considers the authentication requirements of mobile devices and proposes novel mechanisms to improve upon the current state of the art. The investigation begins with an examination of existing authentication techniques, and illustrates a wide range of drawbacks. A survey of end-users reveals that current methods are frequently misused and considered inconvenient, and that enhanced methods of security are consequently required. To this end, biometric approaches are identified as a potential means of overcoming the perceived constraints, offering an opportunity for security to be maintained beyond pointof- entry, in a continuous and transparent fashion. The research considers the applicability of different biometric approaches for mobile device implementation, and identifies keystroke analysis as a technique that can offer significant potential within mobile telephony. Experimental evaluations reveal the potential of the technique when applied to a Personal Identification Number (PIN), telephone number and text message, with best case equal error rates (EER) of 9%, 8% and 18% respectively. In spite of the success of keystroke analysis for many users, the results demonstrate the technique is not uniformly successful across the whole of a given population. Further investigation suggests that the same will be true for other biometrics, and therefore that no single authentication technique could be relied upon to account for all the users in all interaction scenarios. As such, a novel authentication architecture is specified, which is capable of utilising the particular hardware configurations and computational capabilities of devices to provide a robust, modular and composite authentication mechanism. The approach, known as IAMS (Intelligent Authentication Management System), is capable of utilising a broad range of biometric and secret knowledge based approaches to provide a continuous confidence measure in the identity of the user. With a high confidence, users are given immediate access to sensitive services and information, whereas with lower levels of confidence, restrictions can be placed upon access to sensitive services, until subsequent reassurance of a user's identity. The novel architecture is validated through a proof-of-concept prototype. A series of test scenarios are used to illustrate how IAMS would behave, given authorised and impostor authentication attempts. The results support the use of a composite authentication approach to enable the non-intrusive authentication of users on mobile devices.Orange Personal Communication Services Ltd

Information leakage through second hand USB flash drives within the United Kingdom

The pervasiveness of flash based USB storage alongside increasing capacity and lowering price points has lead to a documented potential for information leakage. Such a potential is significantly raised when employees are able to use personal devices within a business environment with little regard to safe disposal practices. This study purchased a range of USB storage devices from UK based auction sites to determine what if any data was recoverable. The study found a total of 36136 recoverable files including a range of data detailing private information of previous owners, confidential corporate data, with twenty percent of the purchased USB devices securely wiped before sale

Towards dynamic adaption of user\u27s organisational information security behaviour

The weakest link in the field of information security that has been identified in the literature is the organisation’s employees. Information security policy compliance is one of the main challenges facing organisations today. Although implementing technical and procedural measures clearly helps to improve an organisation\u27s information security, the human factor or the employees\u27 compliance with these measures is the key to success. However, organisations are now having some issues regarding the extent of employee adherence to policy. The problem of employees being unaware or ignorant of their responsibilities in relation to information security is still an open issue. The proposed idea in this paper will seek to enhance end user adherence to information security policies by proposing a framework for security policy compliance monitoring and targeted awareness raising. The foremost aim of this framework is to increase users’ awareness of the importance of following information security policies. Continuously subjecting users to targeted awareness and monitoring their adherence to information security policies should enhance the effectiveness of such awareness efforts. The proposed framework is a part of on-going research and is intended to provide a foundation for future research on a dynamic adaption of users’ behaviour with information security policies

A Unified Forensics Analysis Approach to Digital Investigation

Digital forensics is now essential in addressing cybercrime and cyber-enabled crime but potentially it can have a role in almost every other type of crime. Given technology's continuous development and prevalence, the widespread adoption of technologies among society and the subsequent digital footprints that exist, the analysis of these technologies can help support investigations. The abundance of interconnected technologies and telecommunication platforms has significantly changed the nature of digital evidence. Subsequently, the nature and characteristics of digital forensic cases involve an enormous volume of data heterogeneity, scattered across multiple evidence sources, technologies, applications, and services. It is indisputable that the outspread and connections between existing technologies have raised the need to integrate, harmonise, unify and correlate evidence across data sources in an automated fashion. Unfortunately, the current state of the art in digital forensics leads to siloed approaches focussed upon specific technologies or support of a particular part of digital investigation. Due to this shortcoming, the digital investigator examines each data source independently, trawls through interconnected data across various sources, and often has to conduct data correlation manually, thus restricting the digital investigator’s ability to answer high-level questions in a timely manner with a low cognitive load. Therefore, this research paper investigates the limitations of the current state of the art in the digital forensics discipline and categorises common investigation crimes with the necessary corresponding digital analyses to define the characteristics of the next-generation approach. Based on these observations, it discusses the future capabilities of the next-generation unified forensics analysis tool (U-FAT), with a workflow example that illustrates data unification, correlation and visualisation processes within the proposed method.</jats:p