Forensically-Sound Analysis of Security Risks of using Local Password Managers

Password managers have been developed to address the human challenges associated with password security, i.e., to solve usability issues in a secure way. They offer, e.g., features to create strong passwords, to manage the increasing number of passwords a typical user has, and to auto-fill passwords, sparing users the hassle of not only remembering but also typing them. Previous studies have focused mainly on the security analysis of cloud-based and browser-based password managers; security of local password managers remains mostly under-explored. This paper takes a forensic approach and reports on a case study of three popular local password managers: KeePass (v2.28), Password Safe (v3.35.1) and RoboForm (v7.9.12). Results revealed that either the master password or the content of the password database could be found unencrypted in Temp folders, Page files or Recycle bin, even after the applications had been closed. Therefore, an attacker or malware with temporary access to the computer on which the password managers were running may be able to steal sensitive information, even though these password managers are meant to keep the databases encrypted and protected at all times

Special Issue on Cyberharassment Investigation: Advances and Trends

Empirical and anecdotal evidence indicates that cyberharassment is more prevalent as the use of social media becomes increasingly widespread, making geography and physical proximity irrelevant. Cyberharassment can take different forms (e.g., cyberbullying, cyberstalking, cybertrolling), and be motivated by the objectives of inflicting distress, exercising control, impersonation, and defamation. Little is currently known about the modus operandi of offenders and their psychological characteristics. Investigation of these behaviours is particularly challenging because it involves digital evidence distributed across the devices of both alleged offenders and victims, as well as online service providers, sometimes over an extended period of time. This special issue aims to improve understanding of cyberharassment from a multidisciplinary perspective in order to further develop theoretical knowledge and investigative practice

Adding transparency to uncertainty: An argument-based method for evaluative opinions

Over the past 15 years, digital evidence has been identified as a leading cause, or contributing factor, in wrongful convictions in England and Wales. To prevent legal decision-makers from being misled about the relevance and credibility of digital evidence and to ensure a fair administration of justice, adopting a balanced, systematic and transparent approach to evaluating digital evidence and disseminating results is crucial. This paper draws on general concepts from argumentation theory, combined with key principles and concepts from probabilistic and narrative/scenario approaches to develop arguments and analyse evidence. We present the “Argument-Based Method for Evaluative Opinions”, which is a novel method for producing argument-based evaluative opinions in the context of criminal investigation. The method may be used stand-alone or in combination with other qualitative or quantitative/statistical methods to produce evaluative opinions, highlighting the logical relationships between the components making up the argument supporting a hypothesis. To facilitate a structured assessment of the credibility and relevance of the individual argument components, we introduce an Argument Evaluation Scale and, ultimately, an Argument Matrix for a holistic determination of the probative value of the evidence

Defense Against Insider Threat: A framework for Gathering Goal-based Requirements

Insider threat is becoming comparable to outsider threat in frequency of security events. This is a worrying situation, since insider attacks have a high probability of success because insiders have authorized access and legitimate privileges. Despite their importance, insider threats are still not properly addressed by organizations. We contribute to reverse this situation by introducing a framework composed of a method for identification and assessment of insider threat risks and of two supporting deliverables for awareness of insider threat. The deliverables are: (i) attack strategies structured in four decomposition trees, and (ii) a matrix which correlates defense strategies, attack strategies and control principles. The method output consists of goal-based requirements for the defense against insiders

Technology, cyberstalking and domestic homicide: informing prevention and response strategies

An emerging concern in relation to the importance of technology and social media in everyday life relates to their ability to facilitate online and offline stalking, domestic violence and escalation to homicide. However, there has been little empirical research or policing and policy attention to this domain. This study examined the extent to which there was evidence of the role of technology and cyberstalking in domestic homicide cases based on the analysis of 41 Domestic Homicide Review (DHR) documents, made available by the Home Office (UK). Three interviews were also conducted with victims or family members of domestic homicide in the UK. It aimed to develop a deeper understanding of the role of technology in facilitating these forms of victimisation to inform further development of investigative practice, risk assessment and safeguarding procedures. Key themes identified by the thematic analysis undertaken related to behavioural and psychological indicators of cyberstalking, evidence of the role of technology in escalation to homicide and the digital capabilities of law enforcement. Overall, the results indicated that: (1) there was evidence of technology and social media playing a facilitating role in these behaviours, (2) the digital footprints of victims and perpetrators were often overlooked in police investigations and the DHR process and (3) determining the involvement of technology in such cases is important for risk assessment and earlier intervention to prevent escalation of behaviour to domestic homicide. It also indicates the importance of further developing evidence-based approaches to preventing and responding for victims, the police and other practitioners

Deepfake: Definitions, Performance Metrics and Standards, Datasets and Benchmarks, and a Meta-Review

Recent advancements in AI, especially deep learning, have contributed to a significant increase in the creation of new realistic-looking synthetic media (video, image, and audio) and manipulation of existing media, which has led to the creation of the new term ``deepfake''. Based on both the research literature and resources in English and in Chinese, this paper gives a comprehensive overview of deepfake, covering multiple important aspects of this emerging concept, including 1) different definitions, 2) commonly used performance metrics and standards, and 3) deepfake-related datasets, challenges, competitions and benchmarks. In addition, the paper also reports a meta-review of 12 selected deepfake-related survey papers published in 2020 and 2021, focusing not only on the mentioned aspects, but also on the analysis of key challenges and recommendations. We believe that this paper is the most comprehensive review of deepfake in terms of aspects covered, and the first one covering both the English and Chinese literature and sources

Age Appropriate Design: Assessment of TikTok, Twitch, and YouTube Kids

The presence of children in the online world is increasing at a rapid pace. As children interact with services such as video sharing, live streaming, and gaming, a number of concerns arise regarding their security and privacy as well as their safety. To address such concerns, the UK's Information Commissioner's Office (ICO) sets out 15 criteria alongside a risk management process for developers of online services for children. We present an analysis of 15 ICO criteria for age appropriate design. More precisely, we investigate whether those criteria provide actionable requirements for developers and whether video sharing and live streaming platforms that are used by children of different age ranges (i.e., TikTok, Twitch and YouTube Kids) comply with them. Our findings regarding the ICO criteria suggest that some criteria such as age verification and transparency provide adequate guidance for assessment whereas other criteria such as parental controls, reporting of inappropriate content, and handling of sensitive data need further clarification. Our findings regarding the platforms themselves suggest that they choose to implement the simplest form of self-declared age verification with limited parental controls and plenty of opportunities

Non-IP Industrial Networks: An Agnostic Anomaly Detection System

This paper describes a system to detect anomalies in non-IP (Internet Protocol) industrial networks on Industrial Control Systems (ICS). Non-IP industrial networks are widely applied in ICS to connect sensors and actuators to control systems or business networks. They were designed to be in an air-gapped security environment and therefore contain almost no cyber security features and are vulnerable to various attacks. Even though they are part of the communication layers, a few external cyber security controls are applied in this crucial tier. As an extension of the work by De Moura et al. (2021), this study proposes and tests the proof-of-concept of an agnostic anomaly detection system (AADS) to detect anomalies on any non-IP industrial network (e.g., DeviceNet, CANBus) as an additional cyber security measure working at the physical network layer. The proof-of-concept is comprised of three modules, including hardware and software components: data gathering (sniffer), parser, and detection. Testing the proof-of-concept in an industrial lab network (i.e., a Profibus-DP lab network) showed the proposal's feasibility with a detection rate above 99% (overall accuracy: 99.59%; F1-Score: 99.18%)

Towards Safer Industrial Serial Networks: An Expert System Framework for Anomaly Detection

Cyber security is a topic of increasing relevance in relation to industrial networks. The higher intensity and intelligent use of data pushed by smart technology (Industry 4.0) together with an augmented integration between the operational technology (production) and the information technology (business) parts of the network have considerably raised the level of vulnerabilities. On the other hand, many industrial facilities still use serial networks as underlying communication system, and they are notoriously limited from a cyber security perspective since protection mechanisms available for TCP/IP communication do not apply. Therefore, an attacker gaining access to a serial network can easily control the industrial components, potentially causing catastrophic incidents, jeopardizing assets and human lives. This study proposes a framework to act as an anomaly detection system (ADS) for industrial serial networks. It has three ingredients: an unsupervised K-means component to analyse message content, a knowledge-based expert system component to analyse message metadata, and a voting process to generate alerts for security incidents, anomalous states, and faults. The framework was evaluated using the Profibus-DP, a network simulator which implements a serial bus system. Results for the simulated traffic were promising: 99.90% for accuracy, 99,64% for precision, and 99.28% for F1-Score. They indicate feasibility of the framework applied to serial-based industrial networks

Technology-Facilitated Intimate Partner Violence: A multidisciplinary examination of prevalence, methods used by perpetrators and the impact of COVID-19.

A multidisciplinary team of academics from the University of Kent’s Institute for Cyber Security in Society (iCSS) received funding from the Home Office Domestic Abuse Perpetrators Fund to conduct research into the perpetration of Technology Facilitated Intimate Partner Violence (TFIPV). The project comprised of 4 workstreams: 1) A Rapid Evidence Assessment (REA) of the evidence base around TFIVP, 2) A thorough analysis of a representative sample of cases of TFIPV as reported to The Cyber Helpline, 3) interviews and surveys with Helpline Responders around their experiences responding to TFIPV and 4) a synthesis of the findings and a visual presentation