Cyber Forensics on Internet of Things: Slicing and Dicing Raspberry Pi

Any device can now connect to the Internet, and Raspberry Pi is one of the more popular applications, enabling single-board computers to make robotics, devices, and appliances part of the Internet of Things (IoT). The low cost and customizability of Raspberry Pi makes it easily adopted and widespread. Unfortunately, the unprotected Raspberry Pi device—when connected to the Internet—also paves the way for cyber-attacks. Our ability to investigate, collect, and validate digital forensic evidence with confidence using Raspberry Pi has become important. This article discusses and presents techniques and methodologies for the investigation of timestamp variations between different Raspberry Pi ext4 filesystems (Raspbian vs. UbuntuMATE), comparing forensic evidence with that of other ext4 filesystems (i.e., Ubuntu), based on interactions within a private cloud, as well as a public cloud. Sixteen observational principles of file operations were documented to assist in our understanding of Raspberry Pi’s behavior in the cloud environments. This study contributes to IoT forensics for law enforcement in cybercrime investigations

Distributed Group Authentication for RFID Supply Management

We investigate an application of Radio Frequency Identification (RFID) referred to in the literature as group scanning, in which an RFID reader device interrogates several RFID tags to establish “simultaneous” presence of a group of tags. Our goal is to study the group scanning problem in strong adversarial settings and show how group scanning can be used in distributed applications for supply chain management. We present a security framework for group scanning and give a formal description of the attending security requirements. Our model is based on the Universal Composability framework and supports re-usability (through modularity of security guarantees). We propose two novel protocols that realize group scanning in this security model, based on off-the-shelf components such as low-cost (highly optimized) pseudorandom functions, and show how these can be integrated into RFID supply-chain management system

RFID ownership transfer with positive secrecy capacity channels

RFID ownership transfer protocols (OTPs) transfer tag ownership rights. Recently, there has been considerable interest in such protocols, however, guaranteeing privacy for symmetric-key settings without trusted third parties (TTPs) is a challenge still unresolved. In this paper, we address this issue and show that it can be solved by using channels with positive secrecy capacity. We implement these channels with noisy tags and provide practical values, thus proving that perfect secrecy is theoretically possible. We then define a communication model that captures spatiotemporal events and describe a first example of symmetric-key based OTP that: (i) is formally secure in the proposed communication model and (ii) achieves privacy with a noisy tag wiretap channel without TTPs

Attacks on Secure Ownership Transfer for Multi-Tag Multi-Owner Passive RFID Environments

Sundaresan et al proposed recently a novel ownership transfer protocol for multi-tag multi-owner RFID environments that complies with the EPC Class1 Generation2 standard. The authors claim that this provides individual-owner privacy and prevents tracking attacks. In this paper we show that this protocol falls short of its security objectives. We describe attacks that allow: a) an eavesdropper to trace a tag, b) the previous owner to obtain the private information that the tag shares with the new owner, and c) an adversary that has access to the data stored on a tag to link this tag to previous interrogations (forward-secrecy). We then analyze the security proof and show that while the first two cases can be solved with a more careful design, for lightweight RFID applications strong privacy remains an open problem

The POM Monoclonals: A Comprehensive Set of Antibodies to Non-Overlapping Prion Protein Epitopes

PrPSc, a misfolded and aggregated form of the cellular prion protein PrPC, is the only defined constituent of the transmissible agent causing prion diseases. Expression of PrPC in the host organism is necessary for prion replication and for prion neurotoxicity. Understanding prion diseases necessitates detailed structural insights into PrPC and PrPSc. Towards this goal, we have developed a comprehensive collection of monoclonal antibodies denoted POM1 to POM19 and directed against many different epitopes of mouse PrPC. Three epitopes are located within the N-terminal octarepeat region, one is situated within the central unstructured region, and four epitopes are discontinuous within the globular C-proximal domain of PrPC. Some of these antibodies recognize epitopes that are resilient to protease digestion in PrPSc. Other antibodies immunoprecipitate PrPC, but not PrPSc. A third group was found to immunoprecipitate both PrP isoforms. Some of the latter antibodies could be blocked with epitope-mimicking peptides, and incubation with an excess of these peptides allowed for immunochromatography of PrPC and PrPSc. Amino-proximal antibodies were found to react with repetitive PrPC epitopes, thereby vastly increasing their avidity. We have also created functional single-chain miniantibodies from selected POMs, which retained the binding characteristics despite their low molecular mass. The POM collection, thus, represents a unique set of reagents allowing for studies with a variety of techniques, including western blotting, ELISA, immunoprecipitation, conformation-dependent immunoassays, and plasmon surface plasmon resonance-based assays