International Journal of Cyber-Security and Digital Forensics

5

Authors: Somdip Dey

In this paper, the author presents an advanced version of image encryption technique, which is itself an upgraded version of SD-EI image encryption method. In this new method, SD-EI Ver-2, there are more bit wise manipulations compared to original SD-EI method. The proposed method consist of three stages: 1) First, a number is generated from the password and each pixel of the image is converted to its equivalent eight binary number, and in that eight bit number, the number of bits, which are equal to the length of the number generated from the password, are rotated and reversed; 2) In second stage, extended hill cipher technique is applied by using involutory matrix, which is generated by same password used in second stage of encryption to make it more secure; 3) In last stage, we perform modified Cyclic Bit manipulation. First, the pixel values are again converted to their 8 bit binary format. Then 8 consecutive pixels are chosen and a 8X8 matrix is formed out of these 8 bit 8 pixels. After that, matrix cyclic operation is performed randomized number of times, which is again dependent on the password provided for encryption. After the generation of new 8 bit value of pixels, they are again converted to their decimal format and the new value is written in place of the old pixel value. SD-EI Ver-2 has been tested on different image files and the results were very satisfactory.

6

Authors: Julia Juremi, Ramlan Mahmod, Salasiah Sulaiman, Jazrin Ramli

This paper presents a new AES-like design for key- dependent AES using S-box rotation. The algorithm involves key expansion algorithm together with S-box rotation and this property can be used to make the S-box key-dependent, hence providing a better security to the block cipher. Fixed S-box allows attackers to study S- box and find weak points while by using key-dependent S-Box approach, it makes it harder for attacker to do any offline analysis of an attack of one particular set of S- boxes. The cipher structure resembles the original AES, only the S-box is made key-dependent without changing the value. This new design is tested using the NIST Statistical Test and will be further cryptanalyzed with algebraic attack in order to permit its subversion or evasion.

7

Authors: Kamarularifin Abd Jalil, Qatrunnada Binti Abdul Rahman

The deficient of a good authentication protocol in a ubiquitous application environment has made it a good target for adversaries. As a result, all the devices which are participating in such environment are said to be exposed to attacks such as identity impostor, man-in-the-middle attacks and also unauthorized attacks. Thus, this has created skeptical among the users and has resulted them of keeping their distance from such applications. For this reason, in this paper, we are proposing a new authentication protocol to be used in such environment. Unlike other authentication protocols which can be adopted to be used in such environment, our proposed protocol could avoid a single point of failures, implements trust level in granting access and also promotes decentralization. It is hoped that the proposed authentication protocol can reduce or eliminate the problems mentioned.

7

Authors: Ghassan Samara

Vehicular Ad hoc Network security is one of the hottest topics of research in the field of network security. One of the ultimate goals in the design of such networking is to resist various malicious abuses and security attacks. In this research new security mechanism is proposed to reduce the channel load resulted from frequent warning broadcasting happened in the adversary discovery process – Accusation Report (AR) - which produces a heavy channel load from all the vehicles in the road to report about any new adversary disovery. Furthermore, this mechanism will replace the Certificate Revocation List (CRL), which cause long delay and high load on the channel with Local Revocation List (LRL) which will make it fast and easy in the adversary discovery process.

7

Authors: Fazli Bin Mat Nor, Kamarularifin Abd Jalil, Jamalul-lail Ab Manan

Lack of security awareness amongst end users when dealing with online banking and electronic commerce leave many client side application vulnerabilities open. Thus, this is enables attackers to exploit the vulnerabilities and launch client-side attacks such as man-in-the-browser attack. The attack is designed to manipulate sensitive information via client’s application such as internet browser by taking advantage of the browser’s extension vulnerabilities. This attack exists due to lack of preventive measurement to detect any malicious changes on the client side platform. Therefore, in this paper we are proposing an enhanced remote authentication protocol with hardware based attestation and pseudonym identity enhancement to mitigate man-in-the-browser attacks as well as improving user identity privacy.

8

Authors: Alireza Tamjidyamcholo, Rawaa Dawoud Al-Dabbagh

Nowadays, information systems constitute a crucial part of organizations; by losing security, these organizations will lose plenty of competitive advantages as well. The core point of information security (InfoSecu) is risk management. There are a great deal of research works and standards in security risk management (ISRM) including NIST 800-30 and ISO/IEC 27005. However, only few works of research focus on InfoSecu risk reduction, while the standards explain general principles and guidelines. They do not provide any implementation details regarding ISRM; as such reducing the InfoSecu risks in uncertain environments is painstaking. Thus, this paper applied a genetic algorithm (GA) for InfoSecu risk reduction in uncertainty. Finally, the effectiveness of the applied method was verified through an example.

8

Authors: Kee-Won Kim, Jun-Cheol Jeon

Recently, various finite field arithmetic structures are introduced for VLSI circuit implementation on cryptosystems and error correcting codes. In this study, we present an efficient finite field arithmetic architecture based on cellular semi-systolic array for Montgomery multiplication by choosing a proper Montgomery factor which is highly suitable for the design on parallel structures. Therefore, our architecture has reduced a time complexity by 50% compared to typical architecture.

8

Authors: Liam Smit, Adrie Stander, Jacques Ophoff

An important feature within a mobile-cellular net- work is that the location of a cellphone can be determined. As long as the cellphone is powered on, the location of the cellphone can always be traced to at least the cell from which it is receiving, or last received, signal from the cellular network. Such network-based methods of estimating the location of a cellphone is useful in cases where the cellphone user is unable or unwilling to reveal his or her location, and have practical value in digital forensic investigations. This study investigates the accuracy of using mobile-cellular network base station information for estimating the location of cellphones. Through quantitative analysis of mobile-cellular network base station data, large variations between the best and worst accuracy of recorded location information is exposed. Thus, depending on the requirements, base station locations may or may not be accurate enough for a particular application.

9

Authors: Sina Manavi, Sadra Mohammadalian, Nur Izura Udzir, Azizol Abdullah

cloud security is one of the buzz words in cloud computing. Since virtualization is the fundamental of the cloud computing, needs to study it more deeply to avoid attacks and system failure. In this research is focused on virtualization vulnerabilities. In addition it is attempted to propose a model to secure and proper mechanism to react reasonable against the detected attack by intrusion detection system. With the secured model (SVM), virtual machines will be resist more efficiency against the attacks in cloud computing.

9

Authors: Mohd Anuar Mat Isa, Jamalul-lail Ab Manan, Ramlan Mahmod, Habibah Hashim, Nur Izura Udzir, Ali Dehghan Tanha, Mar Yah Said

International standard and certification play major role in product distributions and marketing activities. To be well accepted in global market, all IT products and services require international evaluation and certification such as Common Criteria (CC) certification. This paper discusses some of the security, trust and privacy issues in Common Criteria that would happen during evaluation and certification of IT products and services. Our main intention is to help interested stake holders in choosing a finest authorizing member of CC certification for IT products and services using our new trust model. The proposed trust models takes into account the dynamically changing international relationship among nations which produces an index value during selection of finest CC authorizing member. The trust models use game theory to identify the finest CC authorizing member. We hope to contribute to this area of research by lessening the “cost to market” of IT products and related services. It is anticipated that it would give positive impact on global business transaction by having better and wider acceptability using our models in the selection of the finest CC authorizing member, CC consumer, and vendor (manufacturer).

9

Authors: Ahmad Abusukhon, Mohamad Talib, Issa Ottoum

Security becomes an important issue when secure or sensitive information is sent over a network where all computers are connected together. In such a network a computer is recognized by its IP address. Unfortunately, an IP address is attacked by hackers; this is where one host claims to have the IP address of another host and thus sends packets to a certain machine causing it to take some sort of action. In order to overcome this problem cryptography is used. In cryptographic application, the data sent are encrypted first at the source machine using an encryption key then the encrypted data are sent to the destination machine. This way the attacker will not have the encryption key which is required to get the original data and thus the hacker is unable to do anything with the session. In this paper, we propose a novel method for data encryption. Our method is based on private key encryption. We call our method Text-To-Image Encryption (TTIE).

10

Authors: Davoud Mougouei, Wan Nurhayati Wan Ab. Rahman, Mohammad Moein Almasi

Addressing security in early stages of web service development has always been a major engineering trend. However, to assure security of web services it is required to perform security evaluation in a rigorous and tangible manner. The results of such an evaluation if performed in early stages of the development process can be used to improve the quality of the target web service. On the other hand, it is impossible to remove all of the security faults during the security analysis of web services. As a result, absolute security is never possible to achieve and a security failure may occur during the execution of web service. To avoid security failures, a measurable level of fault tolerance is required to be achieved through partial satisfaction of security goals. Thus any proposed measurement technique must care for this partiality. Even though there are some approaches toward assessing the security of web services but still there is no precise model for evaluation of security goal satisfaction specifically during the requirement engineering phase. This paper introduces a Security Measurement Model (SMM) for evaluating the Degree of Security (DS) in security requirements of web services by taking into consideration partial satisfaction of security goals. The proposed model evaluates overall security of the target service through measuring the security in Security Requirement Model (SRM) of the service. The proposed SMM also takes into account cost, technical ability, impact and flexibility as the key features of security evaluation.

10

Authors: A. Z. Yonis, M. F. L. Abdullah

Long Term Evolution (LTE-Advanced) is a preliminary mobile communication standard formally submitted as a candidate for 4G systems to the ITU-T. LTE-A is being standardized by the 3rd Generation Partnership Project (3GPP) as a major enhancement of the 3GPP Long Term Evolution (LTE-Release 8) standard, which proved to be sufficient to satisfy market‟s demand. The 3GPP group has been working on different aspects to improve LTE performance, where the purpose of the framework provided by LTE-Advanced, includes higher order MIMO, carrier aggregation (carriers with multiple components), peak data rate, and mobility. This paper presents a study on LTE evolution toward LTE-Advanced in terms of LTE enabling technologies (Orthogonal Frequency Division Multiplexing (OFDM) and Multiple-Input Multiple-Output (MIMO)), and also focuses on LTE- Advanced technologies MIMO enhancements for LTE-Advanced, Coordinated Multi Point transmission (CoMP).

12

Authors: Pin Shen Teh, Shigang Yue, Andrew B.J. Teoh

In this paper we study the performance and effect of diverse keystroke feature combinations on keystroke dynamics authentication system by using fusion approach. First of all, four types of keystroke features are acquired from our collected dataset, later then transformed into similarity scores by using Gaussian Probability Density Function (GPD) and Direction Similarity Measure (DSM). Next, three fusion approaches are introduced to merge the scores pairing with different combinations of fusion rules. Result shows that the finest performance is obtained by the combination of both dwell time and flight time collectively. Finally, this experiment also investigates the effect of using larger dataset on recognition performance, which turns out to be rather consistent.

13

Authors: Asou Aminnezhad, Ali Dehghantanha, Mohd Taufik Abdullah

Privacy issues have always been a major concern in computer forensics and security and in case of any investigation whether it is pertaining to computer or not always privacy issues appear. To enable privacy’s protection in the physical world we need the law that should be legislated, but in a digital world by rapidly growing of technology and using the digital devices more and more that generate a huge amount of private data it is impossible to provide fully protected space in cyber world during the transfer, store and collect data. Since its introduction to the field, forensics investigators, and developers have faced challenges in finding the balance between retrieving key evidences and infringing user privacy. This paper looks into developmental trends in computer forensics and security in various aspects in achieving such a balance. In addition, the paper analyses each scenario to determine the trend of solutions in these aspects and evaluate their effectiveness in resolving the aforementioned issues.

14

Authors: Hasan Alkahtani, Robert Goodwin, Paul Gardner-Stephen

This paper presents the results of a survey of email users in different regions of Saudi Arabia about email SPAM. The survey investigated the nature of email SPAM, how email users in the eastern, western, central, southern and northern dealt with it, and the efforts made to combat it. It also investigated the effectiveness of existing Anti-SPAM filters in detecting Arabic and English email SPAM. 1,500 participants located in the eastern, western, central, southern and northern regions of Saudi Arabia were surveyed and completed surveys were collected from 1,020 of the participants. The results showed that there were different definitions for email SPAM based on different users’ opinions in Saudi Arabia. The results showed that the participants in the central and western regions were more aware of SPAM than the participants in other regions. The results revealed that the volume of email SPAM was different from region to another and the volume of SPAM received by the participants in the northern and central regions was larger than that received in other regions. The results indicated that the majority of email SPAM received by the participants in different regions was written in English. The results showed that the most common type of email SPAM received in Arabic was emails related to forums and in English was phishing and fraud, and business advertisements. The results also showed that a few participants in all regions responded to SPAM and the average of the participants who responded to SPAM was larger in the southern region than other regions. The results showed that most of the participants were not aware of Anti-SPAM programs and the participants in the central region were more aware of Anti-SPAM programs than the participants in other regions. The results showed that the participants in all regions estimated that the existing Anti-SPAM programs were more effective in detecting English SPAM than Arabic SPAM. The results showed that most of the participants in all regions were not aware of the government efforts to combat SPAM and the participants in the central region were more aware of the government efforts than the participants in other regions. The results also showed that most of the participants in all regions were not aware of the ISPs efforts to combat SPAM and the participants in the central and western regions were more aware of the ISPs efforts than the participants in other regions.

15

Authors: Mouna Jouini, Anis Ben Aissa, Latifa Ben Arfa Rabai, Ali Mili

Cloud computing is a prospering technology that most organizations consider as a cost effective strategy to manage Information Technology (IT). It delivers computing services as a public utility rather than a personal one. However, despite the significant benefits, these technologies present many challenges including less control and a lack of security. In this paper, we illustrate the use of a cyber security metrics to define an economic security model for cloud computing system. We, also, suggest two cyber security measures in order to better understand system threats and, thus, propose appropriate counter measure to mitigate them.

17

Authors: Mohammed Ibrahim, Mohd Taufik Abdullah, Ali Dehghantanha

Voice over Internet Protocol (VoIP) is a new communication technology that uses internet protocol in providing phone services. VoIP provides various forms of benefits such as low monthly fee and cheaper rate in terms of long distance and international calls. However, VoIP is accompanied with novel security threats. Criminals often take advantages of such security threats and commit illicit activities. These activities require digital forensic experts to acquire, analyses, reconstruct and provide digital evidence. Meanwhile, there are various methodologies and models proposed in detecting, analysing and providing digital evidence in VoIP forensic. However, at the time of writing this paper, there is no model formalized for the reconstruction of VoIP malicious attacks. Reconstruction of attack scenario is an important technique in exposing the unknown criminal acts. Hence, this paper will strive in addressing that gap. We propose a model for reconstructing VoIP malicious attacks. To achieve that, a formal logic approach called Secure Temporal Logic of Action(S-TLA+) was adopted in rebuilding the attack scenario. The expected result of this model is to generate additional related evidences and their consistency with the existing evidences can be determined by means of S-TLA+ model checker.