Your search keyword '"005.8 Data security"' showing total 58 results

1. Embedded document security using sticky policies and identity based encryption

Author

Spyra, Grzegorz Karol and Buchanan, William J.

Subjects

005.8, data security, encryption, document security, data sharing, authentication, 005.8 Data security, QA75 Electronic computers. Computer science, Cyber-security, Information Society

Abstract

Data sharing domains have expanded over several, both trusted and insecure environments. At the same time, the data security boundaries have shrunk from internal network perimeters down to a single identity and a piece of information. Since new EU GDPR regulations, the personally identifiable information sharing requires data governance in favour of a data subject. Existing enterprise grade IRM solutions fail to follow open standards and lack of data sharing frameworks that could efficiently integrate with existing identity management and authentication infrastructures. IRM services that stood against cloud demands often offer a very limited access control functionality allowing an individual to store a document online giving a read or read-write permission to other individual identified by email address. Unfortunately, such limited information sharing controls are often introduced as the only safeguards in large enterprises, healthcare institutions and other organizations that should provide the highest possible personal data protection standards. The IRM suffers from a systems architecture vulnerability where IRM application installed on a semi-trusted client truly only guarantees none or full access enforcement. Since no single authority is contacted to verify each committed change the adversary having an advantage of possessing data-encrypting and key-encrypting keys could change and re-encrypt the amended content despite that read only access has been granted. Finally, the two evaluated IRM products, have either the algorithm security lifecycle (ASL) relatively short to protect the shared data, or the solution construct highly restrained secure key-encrypting key distribution and exposes a symmetric data-encrypting key over the network. Presented here sticky policy with identity-based encryption (SPIBE) solution was designed for secure cloud data sharing. SPIBE challenges are to deliver simple standardized construct that would easily integrate with popular OOXML-like document formats and provide simple access rights enforcement over protected content. It leverages a sticky policy construct using XACML access policy language to express access conditions across different cloud data sharing boundaries. XACML is a cloud-ready standard designed for a global multi-jurisdictional use. Unlike other raw ABAC implementations, the XACML offers a standardised schema and authorisation protocols hence it simplifies interoperability. The IBE is a cryptographic scheme protecting the shared document using an identified policy as an asymmetric key-encrypting a symmetric data-encrypting key. Unlike ciphertext-policy attribute-based access control (CP-ABE), the SPIBE policy contains not only access preferences but global document identifier and unique version identifier what makes each policy uniquely identifiable in relation to the protected document. In IBE scheme the public key-encrypting key is known and could be shared between the parties although the data-encrypting key is never sent over the network. Finally, the SPIBE as a framework should have a potential to protect data in case of new threats where ASL of a used cryptographic primitive is too short, when algorithm should be replaced with a new updated cryptographic primitive. The IBE like a cryptographic protocol could be implemented with different cryptographic primitives. The identity-based encryption over isogenous pairing groups (IBE-IPG) is a post-quantum ready construct that leverages the initial IBE Boneh-Franklin (IBE-BF) approach. Existing IBE implementations could be updated to IBE-IPG without major system amendments. Finally, by applying the one document versioning blockchain-like construct could verify changes authenticity and approve only legitimate document updates, where other IRM solutions fail to operate delivering the one single authority for non-repudiation and authenticity assurance.

Published

2019

2. RESCUE : evaluation of a fragmented secret share system in distributed-cloud architecture

Author

Ukwandu, Elochukwu Anthony, Buchanan, William J., and Russell, Gordon

Subjects

005.8, Fragmented Secret Share System (FSSS), key management, scalability, resilience, data sharing, 005.8 Data security, QA75 Electronic computers. Computer science, Cyber-security, Information Society

Abstract

Scaling big data infrastructure using multi-cloud environment has led to the demand for highly secure, resilient and reliable data sharing method. Several variants of secret sharing scheme have been proposed but there remains a gap in knowledge on the evaluation of these methods in relation to scalability, resilience and key management as volume of files generated increase and cloud outages persist. In line with these, this thesis presents an evaluation of a method that combines data fragmentation with Shamir's secret sharing scheme known as Fragmented Secret Share System (FSSS). It applies data fragmentation using a calculated optimum fragment size and encrypts each fragment using a 256-bit AES key length before dispersal to cloudlets, the encryption key is managed using secret sharing methods as used in cryptography. Four experiments were performed to measure the scalability, resilience and reliability in key management. The first and second experiments evaluated scalability using defined fragment blocks and an optimum fragment size. These fragment types were used to break file of varied sizes into fragments, and then encrypted and dispersed to the cloud, and recovered when required. Both were used in combination of different secret sharing policies for key management. The third experiment tested file recovery during cloud failures, while the fourth experiment focused on efficient key management. The contributions of this thesis are of two ways: development of evaluation frameworks to measure scalability and resilience of data sharing methods; and the provision of information on relationships between file sizes and share policies combinations. While the first aimed at providing platform to measure scalability from the point of continuous production as file size and volume increase, and resilience as the potential to continue operation despite cloud outages; the second provides experimental frameworks on the effects of file sizes and share policies on overall system performance. The results of evaluation of FSSS with similar methods showed that the fragmentation method has less overhead costs irrespective of file sizes and the share policy combination. That the inherent challenges in secret sharing scheme can only be solved through alternative means such as combining secret sharing with other data fragmentation method. In all, the system is less of any erasure coding technique, making it difficult to detect corrupt or lost fragment during file recovery.

Published

2019

3. An agent-based Bayesian method for network intrusion detection

Author

Pikoulas, John and Buchanan, William J.

Subjects

005.8, Security, network intrusion detection systems, firewalls, secure sockets, user authentication, user behaviour, agent-based approach, Bayesian statistics, 005.8 Data security, QA75 Electronic computers. Computer science, Cyber-security

Abstract

Security is one of the major issues in any network and on the Internet. It encapsulates many different areas, such as protecting individual users against intruders, protecting corporate systems against damage, and protecting data from intrusion. It is obviously impossible to make a network totally secure, as there are so many areas that must be protected. This thesis includes an evaluation of current techniques for internal misuse of computer systems, and tries to propose a new way of dealing with this problem. This thesis proposes that it is impossible to fully protect a computer network from intrusion, and shows how different methods are applied at differing levels of the OSI model. Most systems are now protected at the network and transport layer, with systems such as firewalls and secure sockets. A weakness, though, exists in the session layer that is responsible for user logon and their associated password. It is thus important for any highly secure system to be able to continually monitor a user, even after they have successfully logged into the system. This is because once an intruder has successfully logged into a system, they can use it as a stepping-stone to gain full access (often right up to the system administrator level). This type of login identifies another weakness of current intrusion detection systems, in that they are mainly focused on detecting external intrusion, whereas a great deal of research identifies that one of the main problems is from internal intruders, and from staff within an organisation. Fraudulent activities can often he identified by changes in user behaviour. While this type of behaviour monitoring might not be suited to most networks, it could be applied to high secure installations, such as in government, and military organisations. Computer networks are now one of the most rapidly changing and vulnerable systems, where security is now a major issue. A dynamic approach, with the capacity to deal with and adapt to abrupt changes, and be simple, will provide an effective modelling toolkit. Analysts must be able to understand how it works and be able to apply it without the aid of an expert. Such models do exist in the statistical world, and it is the purpose of this thesis to introduce them and to explain their basic notions and structure. One weakness identified is the centralisation and complex implementation of intrusion detection. The thesis proposes an agent-based approach to monitor the user behaviour of each user. It also proposes that many intrusion detection systems cannot cope with new types of intrusion. It thus applies Bayesian statistics to evaluate user behaviour, and predict the future behaviour of the user. The model developed is a unique application of Bayesian statistics, and the results show that it can improve future behaviour prediction than existing ARIMA models. The thesis argues that the accuracy of long-term forecasting questionable, especially in systems that have a rapid and often unexpected evolution and behaviour. Many of the existing models for prediction use long-term forecasting, which may not be the optimal type for intrusion detection systems. The experiments conducted have varied the number of users and the time interval used for monitoring user behaviour. These results have been compared with ARIMA, and an increased accuracy has been observed. The thesis also shows that the new model can better predict changes in user behaviour, which is a key factor in identifying intrusion detection. The thesis concludes with recommendations for future work, including how the statistical model could be improved. This includes research into changing the specification of the design vector for Bayesian. Another interesting area is the integration of standard agent communication agents, which will make the security agents more social in their approach and be able to gather information from other agents

Published

2003

4. An authentication protocol based on chaos and zero knowledge proof

Author

William J Buchanan, Jawad Ahmad, and Will Major

Subjects

FOS: Computer and information sciences, Computer Science - Cryptography and Security, Port knocking, Computer science, QA75 Electronic computers. Computer science, Aerospace Engineering, Ocean Engineering, 02 engineering and technology, Cyber-security, 01 natural sciences, Firewall (construction), Server, 0103 physical sciences, Centre for Distributed Computing, Networking and Security, 0202 electrical engineering, electronic engineering, information engineering, Electrical and Electronic Engineering, 010301 acoustics, Password, Stateless protocol, Authentication, business.industry, Applied Mathematics, Mechanical Engineering, 020206 networking & telecommunications, Port (computer networking), AI and Technologies, Computer Science - Distributed, Parallel, and Cluster Computing, 005.8 Data security, Control and Systems Engineering, Authentication protocol, Distributed, Parallel, and Cluster Computing (cs.DC), business, Cryptography and Security (cs.CR), Computer network

Abstract

Port Knocking is a method for authenticating clients through a closed stance firewall, and authorising their requested actions, enabling severs to offer services to authenticated clients, without opening ports on the firewall. Advances in port knocking have resulted in an increase in complexity in design, preventing port knocking solutions from realising their potential. This paper proposes a novel port knocking solution, named Crucible, which is a secure method of authentication, with high usability and features of stealth, allowing servers and services to remain hidden and protected. Crucible is a stateless solution, only requiring the client memorise a command, the server's IP and a chosen password. The solution is forwarded as a method for protecting servers against attacks ranging from port scans, to zero-day exploitation. To act as a random oracle for both client and server, cryptographic hashes were generated through chaotic systems., J. Nonlinear Dyn (2020)

Published

2020

5. A Forensic Audit of the Tor Browser Bundle

Author

William J Buchanan, Matt Muir, and Petra Leimich

Subjects

FOS: Computer and information sciences, Computer Science - Cryptography and Security, Computer science, QA75 Electronic computers. Computer science, 02 engineering and technology, Audit, Cyber-security, Computer security, computer.software_genre, Encryption, Footprint, Digital forensics, Tor, Windows 10, Centre for Distributed Computing, Networking and Security, 0202 electrical engineering, electronic engineering, information engineering, Protocol (object-oriented programming), Focus (computing), Network connection, business.industry, 020207 software engineering, AI and Technologies, Computer Science Applications, Medical Laboratory Technology, 005.8 Data security, Bundle, 020201 artificial intelligence & image processing, business, Cryptography and Security (cs.CR), Law, Host (network), computer

Abstract

The increasing use of encrypted data within file storage and in network communications leaves investigators with many challenges. One of the most challenging is the Tor protocol, as its main focus is to protect the privacy of the user, in both its local footprint within a host and over a network connection. The Tor browser, though, can leave behind digital artefacts which can be used by an investigator. This paper outlines an experimental methodology and provides results for evidence trails which can be used within real-life investigations.

Published

2019

6. A Comprehensive Survey of Security Threats and their Mitigation Techniques for next-generation SDN Controllers

Author

Rahim Khan, Zhiyuan Tan, Muhammad Usman, Yongzhao Xu, Tao Han, Mian Ahmad Jan, and Syed Roohullah Jan

Subjects

Denial of Service attacks, Computer Networks and Communications, Computer science, QA75 Electronic computers. Computer science, Spoofing attacks, Denial-of-service attack, Malicious injection attacks, Software Defined Networks, Cyber-security, Computer security, computer.software_genre, Controller, Computer Science Applications, Theoretical Computer Science, AI and Technologies, Computational Theory and Mathematics, Control theory, 005.8 Data security, Centre for Distributed Computing, Networking and Security, Link Flooding attacks, Software-defined networking, computer, Software

Abstract

Software Dened Network (SDN) and Network Virtualization (NV) are emerged paradigms that simplied the control and management of the next generation networks, most importantly, Internet of Things (IoT), Cloud Computing, and Cyber-Physical Systems. The Internet of Things (IoT) includes a diverse range of a vast collection of heterogeneous devices that require interoperable communication, scalable platforms and security provisioning. Security provisioning to an SDN based IoT network pose a real security challenge leading to various serious security threats due to the connection of various heterogeneous devices having a wide range of access protocols . Furthermore, the logical centralized controlled intelligence of the SDN architecture represents a plethora of security challenges due to its single point of failure. it may throw the en tire network into chaos and thus expose it to various known and unknown security threats and attacks. security of SDN controlled IoT environment is still in infancy and thus remains the prime research agenda for both the industry and academia. This paper comprehensively reviews the current state-of-the-art security threats, vulnerabilities and issues at the control plane. Moreover, this paper contributes by presenting a detailed classfication of various security attacks on the control layer. A comprehensive state-of-the-art review of the latest mitigation techniques for various security breaches is also presented. Finally, the paper presents future research directions and challenges for further investigation down the line.

Published

2020

7. Trust-aware and Cooperative Routing Protocol for IoT Security

Author

Faiza Medjek, Imed Romdhani, Nabil Djedjig, and Djamel Tandjaoui

Subjects

Routing protocol, Computer Networks and Communications, Computer science, business.industry, Network packet, QA75 Electronic computers. Computer science, 020206 networking & telecommunications, Throughput, 02 engineering and technology, Encryption, Metrics, Consistency (database systems), RPL, Secure routing, Internet of things, Trust management, Game theory, Cooperation enforcement, 005.8 Data security, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Routing (electronic design automation), Networks, Safety, Risk, Reliability and Quality, business, Game theory, Software, Computer network

Abstract

The resource-constrained nature of IoT objects makes the Routing Protocol for Low-power and Lossy Networks (RPL) vulnerable to several attacks. Although RPL specification provides encryption protection to control messages, RPL is still vulnerable to internal attackers and selfish behaviours. To address the lack of robust security mechanisms in RPL, we design a new Metric-based RPL Trustworthiness Scheme (MRTS) that introduces trust evaluation for secure routing topology construction. Extensive simulations show that MRTS is efficient in terms of packet delivery ratio, energy consumption, nodes’ rank changes, and throughput. In addition, a mathematical modelling analysis shows that MRTS meets the requirements of consistency, optimality, and loop-freeness and that the proposed trust-based routing metric has the isotonicity and monotonicity properties required for a routing protocol. By using game theory concepts, we formally describe MRTS as a strategy for the iterated Prisoner’s Dilemma and demonstrate its cooperation enforcement characteristic. Both mathematical analysis and evolutionary simulation results show clearly that MRTS, as a strategy, is an efficient approach in promoting the stability and the evolution of the Internet of Things network.

Published

2020

8. MRC4: A Modified RC4 Algorithm Using Symmetric Random Function Generator for Improved Cryptographic Features

Author

Rahul Saha, G. Geetha, Gulshan Kumar, Tai-Hoon Kim, and William J. Buchanan

Subjects

General Computer Science, Computer science, QA75 Electronic computers. Computer science, Cryptography, security, RC4, Cyber-security, RC4, Random Number, Security, Cipher, random number, cipher, Centre for Distributed Computing, Networking and Security, General Materials Science, Stream cipher, Randomness, Pseudorandom number generator, business.industry, General Engineering, Random function, AI and Technologies, Symmetric-key algorithm, Cipher, 005.8 Data security, lcsh:Electrical engineering. Electronics. Nuclear engineering, business, lcsh:TK1-9971, Algorithm

Abstract

The Rivest Cipher 4 (RC4) has been one of the most popular stream ciphers for providing symmetric key encryption, and is now proposed as an efficient cipher within light-weight cryptography. As an algorithm it has been considered to be one of the fastest stream ciphers and one of the easiest to implement. Unfortunately, despite its simplicity of usage, a number of attacks on it have been found. Therefore, various improvements of this algorithm exist in cryptography, but none of them use proper randomness. This paper outlines modified version of RC4 and which has the desirable features of an efficient stream cipher algorithm, and which integrates the Symmetric Random Function Generator (SRFG) method. Though RC4 uses pseudorandom features with an initialisation vector and a seed value, the use of true randomness in RC4 is novel in this domain. Therefore, this paper proposes a modified RC4 as MRC4, and which then evaluates the statistical features of MRC4 based upon parameters such as non-linearity, resiliency, balancedness, propagation and immunity. Further, we have compared the security features and confusion-diffusion attributes with some recent variants of RC4 and have found that MRC4 is efficient in withstanding against attacks. The experimental results show that MRC4 supports a 60% better confusion property and 50% better diffusion as compared to the original RC4 method.

Published

2019

9. Impact of cyberattacks on stock performance: a comparative study

Author

Francis Atsu, Samuel Tweneboah-Kodua, and William J Buchanan

Subjects

Information Systems and Management, Computer Networks and Communications, QA75 Electronic computers. Computer science, Data breach, Monetary economics, Cyber-security, Management Information Systems, Stock performance, Event study methodology, Abnormal returns, Cumulative average returns, Impact of cyberattack, Data breaches, Management of Technology and Innovation, 0502 economics and business, Centre for Distributed Computing, Networking and Security, 050207 economics, Financial services, Stock (geology), Retail sector, 050208 finance, business.industry, Event study methodology, 05 social sciences, Information technology, Cumulative effects, AI and Technologies, 005.8 Data security, business, Software, Information Systems, Financial sector

Abstract

Purpose The study uses cyberattacks announcements on 96 firms that are listed on S&P 500 over the period from January 03, 2013, to December 29, 2017. Design/methodology/approach The empirical analysis was performed in two ways: cross-section and industry level. The authors use statistical tests that account for the effects of cross-section correlation in returns, returns series correlation, volatility changes and skewness in the returns. Findings These imply that studying the cumulative effects of cyberattacks on prices of listed firms without grouping them into the various sectors may be non-informative; financial sector firms tend to react cumulatively to cyberattacks over a three-day period than other sectors; and technology firms tend to be less reactive to the announcement of a data breach. Such firms may possibly have the necessary tools and techniques to address large-scale cyberattacks. Research limitations/implications For cross-section analysis, the outcome shows that the market does not significantly react to cyberattacks for all the event windows, except [−30, 30], while for the sector-level analysis, the analysis offers two main results. Practical implications First, while there is a firm reaction to cyberattacks for long event window for retail sector, there is no evidence of a cumulative firm reaction to cyberattacks for both short and long event windows for the industrial, information technology and health sectors. Second, the firms in the financial sector, there is a strong evidence of cumulative reaction to cyberattacks for [−1, 1] for the financial industry, and the reactions disappear for relatively longer event windows. Social implications These imply that studying the cumulative effects of cyberattacks on prices of listed firms without grouping them into the various sectors may be non-informative, the financial sector firms tend to react cumulatively to cyberattacks over a three-day period than other sectors, technology firms tend to be less reactive to the announcement of a data breach, possibly such firms may have the necessary tools and techniques to address large-scale cyberattacks. Originality/value The work provides new insights into the effect of cyber security on stock prices.

Published

2018

10. Copy-move forgery detection using combined features and transitive matching

Author

Lin, Cong, Lu, Wei, Huang, Xinchao, Liu, Ke, Sun, Wei, Lin, Hanhui, and Tan, Zhiyuan

Subjects

QA76 Computer software, Computer Networks and Communications, Hardware and Architecture, 005.8 Data security, Media Technology, Centre for Distributed Computing, Networking and Security, Cyber-security, Software, AI and Technologies

Abstract

Recently, the research of Internet of Things (IoT) and Multimedia Big Data (MBD) has been growing tremendously. Both IoT and MBD have a lot of multimedia data, which can be tampered easily. Therefore, the research of multimedia forensics is necessary. Copy-move is an important branch of multimedia forensics. In this paper, a novel copy-move forgery detection scheme using combined features and transitive matching is proposed. First, SIFT and LIOP are extracted as combined features from the input image. Second, transitive matching is used to improve the matching relationship. Third, a filtering approach using image segmentation is proposed to filter out false matches. Fourth, affine transformations are estimated between these image patches. Finally, duplicated regions are located based on those affine transformations. The experimental results demonstrate that the proposed scheme can achieve much better detection results on the public database under various attacks.

Published

2019

11. A caching and spatial K-anonymity driven privacy enhancement scheme in continuous location-based services

Author

Zhang, Shaobo, Li, Xiong, Tan, Zhiyuan, Peng, Tao, and Wang, Guojun

Subjects

Location privacy, multi-level caching, spatial K-anonymity, user mobility, cache hit rate, QA76 Computer software, 005.8 Data security, Centre for Distributed Computing, Networking and Security, Cyber-security, AI and Technologies

Abstract

With the rapid pervasion of location-based services (LBSs), protection of location privacy has become a significant concern. In most continuous LBSs' privacy-preserving solutions, users need to transmit the location query data to an untrusted location service provider (LSP) to obtain query results, and the users discard these results immediately after using them. This results in an ineffective use of these results by future queries and in turn leads to a higher risk to user privacy from the LSP. To address these issues, we generally use caching to cache the query results for users' future queries. However, the minimization of the interaction between users and LSPs is a challenge. In this paper, we propose an enhanced user privacy scheme through caching and spatial K-anonymity (CSKA) in continuous LBSs; it adopts multi-level caching to reduce the risk of exposure of users' information to untrusted LSPs. In continuous LBS queries, our scheme first utilizes the Markov model to predict the next query location according to the user mobility. Then, according to the predicted location, cell's cache contribution rate, and data freshness, an algorithm for forming spatial K-anonymity is designed to improve the user's cache hit rate and enhance the user location privacy. The security analysis and simulation results demonstrate that our proposed CSKA scheme can provide higher privacy protection than a few previous methods, and it can minimize the overhead of the LBS server.

Published

2019

12. Design of Multi-View Based Email Classification for IoT Systems via Semi-Supervised Learning

Author

Wenjuan Li, Weizhi Meng, Yang Xiang, and Zhiyuan Tan

Subjects

Multi-View Data, IoT Security, Computer Networks and Communications, Computer science, Semi-Supervised Learning, IoT security, 02 engineering and technology, Semi-supervised learning, Cyber-security, Machine learning, computer.software_genre, QA76 Computer software, Email classification, Web page, 0202 electrical engineering, electronic engineering, information engineering, Centre for Distributed Computing, Networking and Security, Disagreement-based learning, business.industry, 020206 networking & telecommunications, Phishing, Multi-view data, Computer Science Applications, AI and Technologies, ComputingMethodologies_PATTERNRECOGNITION, View based, Email Classification, Hardware and Architecture, 005.8 Data security, Labeled data, 020201 artificial intelligence & image processing, Artificial intelligence, Internet of Things, business, Classifier (UML), computer, Disagreement-based Learning

Abstract

Suspicious emails are one big threat for Internet of Things (IoT) security, which aim to induce users to click and then redirect them to a phishing webpage. To protect IoT systems, email classification is an essential mechanism to classify spam and legitimate emails. In the literature, most email classification approaches adopt supervised learning algorithms that require a large number of labeled data for classifier training. However, data labeling is very time consuming and expensive, making only a very small set of data available in practice, which would greatly degrade the effectiveness of email classification. To mitigate this problem, in this work, we develop an email classification approach based on multi-view disagreement-based semi-supervised learning. The idea behind is that multi-view method can offer richer information for classification, which is often ignored by the literature. The use of semi-supervised learning can help leverage both labeled and unlabeled data. In the evaluation, we investigate the performance of our proposed approach with two datasets and in a real network environment. Experimental results demonstrate that the use of multi-view data can achieve more accurate email classification than the use of single-view data, and that our approach is more effective as compared to several existing similar algorithms.

Published

2019

13. Top 10 Blockchain Predictions for the (Near) Future of Healthcare

Author

Vikram Dhillon, Manouchehr Mokhtari, Dennis A. Porto, William J Buchanan, John Halamka, Florence D. Hudson, Tory Cenaj, Anh L. Ngo, Gil Alterovitz, Ana Santos Rutschman, and Kevin A. Clauson

Subjects

Licensure, Blockchain, Monetization, business.industry, QA75 Electronic computers. Computer science, Blockchain, consent, genome, healthcare, preiction, medical records, providers, infrastructure, monetization, remittance, startups, supply chain, Public relations, Cyber-security, Credentialing, AI and Technologies, Alliance, 005.8 Data security, Health care, Ledger, Centre for Distributed Computing, Networking and Security, General Earth and Planetary Sciences, Paragraph, business, General Environmental Science

Abstract

To review blockchain lessons learned in 2018 and near-future predictions for blockchain in healthcare, Blockchain in Healthcare Today (BHTY) asked the world's blockchain in healthcare experts to share their insights. Here, our internationally-renowned BHTY peer-review board discusses their major predictions.Based on their responses, presented in detail below, ten major themes (Table ) for the future of blockchain in healthcare will emerge over the 12 months. CORRIGENDUM: This following paragraph has been corrected (page 3, first paragraph) from: "Fourth, with over 1000 insurance companies in the country, filling out paperwork to documentprovider training and licensure is a nightmare. The Synaptic Health Alliance aims to simplifythis process by putting all credentialing information on a distributed public ledger for all stakeholders to access.1" To: "Fourth, keeping health care provider directories maintained by health plans up-to-date is a critical, complex issue facing organizations across the health care system. The first project of the Synaptic Health Alliance aims to simplify this process by putting provider demographic information on a permissioned blockchain for Alliance members to access and maintain.1"

Published

2019

14. Quantum-to-the-Home: Achieving Gbits/s Secure Key Rates via Commercial Off-the-Shelf Telecommunication Equipment

Author

William J Buchanan and Rameez Asif

Subjects

Quantum communications, Article Subject, Computer Networks and Communications, Computer science, QA75 Electronic computers. Computer science, Information science, Internet of Things, Encryption, Key distribution, Cyber-security, Quantum key distribution, 01 natural sciences, Multiplexer, Multiplexing, 010309 optics, Secret Key Distribution, lcsh:Technology (General), 0103 physical sciences, Phase noise, Centre for Distributed Computing, Networking and Security, Electronic engineering, lcsh:Science (General), 010306 general physics, Telecommunications equipment, Digital signal processing, business.industry, AI and Technologies, Network Security, 005.8 Data security, Signal Processing, Cryptography, Broadband Networks, lcsh:T1-995, Networks, Telecommunications, business, lcsh:Q1-390, Information Systems

Abstract

There is current significant interest in Fiber-to-the-Home (FTTH) networks, that is, end-to-end optical connectivity. Currently, it may be limited due to the presence of last-mile copper wire connections. However, in near future, it is envisaged that FTTH connections will exist, and a key offering would be the possibility of optical encryption that can best be implemented using Quantum Key Distribution (QKD). However, it is very important that the QKD infrastructure is compatible with the already existing networks for a smooth transition and integration with the classical data traffic. In this paper, we report the feasibility of using off-the-shelf telecommunication components to enable high performance Continuous Variable-Quantum Key Distribution (CV-QKD) systems that can yield secure key rates in the range of 100 Mbits/s under practical operating conditions. Multilevel phase modulated signals (m-PSK) are evaluated in terms of secure key rates and transmission distances. The traditional receiver is discussed, aided by the phase noise cancellation based digital signal processing module for detecting the complex quantum signals. Furthermore, we have discussed the compatibility of multiplexers and demultiplexers for wavelength division multiplexed Quantum-to-the-Home (QTTH) network and the impact of splitting ratio is analyzed. The results are thoroughly compared with the commercially available high-cost encryption modules.

Published

2017

15. Will quantum computers be the end of public key encryption?

Author

Alan Woodward and William J Buchanan

Subjects

Quantum sort, Post-quantum cryptography, business.industry, QA75 Electronic computers. Computer science, Shor's algorithm, Cryptography, Cyber-security, Computer security, computer.software_genre, 01 natural sciences, AI and Technologies, 010305 fluids & plasmas, Public-key cryptography, Quantum cryptography, 005.8 Data security, 0103 physical sciences, Post-quantum cryptography, Shor’s algorithm, hidden subset problem, Centre for Distributed Computing, Networking and Security, Quantum information, 010306 general physics, business, computer, Mathematics, Quantum computer

Abstract

The emergence of practical quantum computers poses a significant threat to the most popular public key cryptographic schemes in current use. While we know that the well-understood algorithms for factoring large composites and solving the discrete logarithm problem run at best in superpolynomial time on conventional computers, new, less well understood algorithms run in polynomial time on certain quantum computer architectures. Many appear to be heralding this next step in computing as ‘the end of public key encryption’. We argue that this is not the case and that there are many fields of mathematics that can be used for creating ‘quantum resistant’ cryptographic schemes. We present a high-level review of the threat posed by quantum computers, using RSA and Shor’s algorithm as an example but we explain why we feel that the range of quantum algorithms that pose a threat to public key encryption schemes is likely to be limited in future. We discuss some of the other schemes that we believe could form the basis for public key encryption schemes, some of which could enter widespread use in the very near future, and indicate why some are more likely to be adopted.

Published

2016

16. Decrypting live SSH traffic in virtual environments

Author

Peter McLaren, Gordon Russell, William J. Buchanan, and Zhiyuan Tan

Subjects

FOS: Computer and information sciences, IoT, Computer Science - Cryptography and Security, Computer science, decryption, QA75 Electronic computers. Computer science, Culture and Communities, Internet of Things, network traffic, Audit, memory analysis, Cyber-security, Encryption, Computer security, computer.software_genre, Android, Centre for Distributed Computing, Networking and Security, SSH, Secure Shell, Protocol (object-oriented programming), Focus (computing), AES, business.industry, data exfiltration, VMI, AI and Technologies, Computer Science Applications, Secure File Transfer, Medical Laboratory Technology, 005.8 Data security, Bundle, insider attacks, Networks, business, Law, computer, Host (network), Cryptography and Security (cs.CR)

Abstract

Decrypting and inspecting encrypted malicious communications may assist crime detection and prevention. Access to client or server memory enables the discovery of artefacts required for decrypting secure communications. This paper develops the MemDecrypt framework to investigate the discovery of encrypted artefacts in memory and applies the methodology to decrypting the secure communications of virtual machines. For Secure Shell, used for secure remote server management, file transfer, and tunnelling inter alia, MemDecrypt experiments rapidly yield AES-encrypted details for a live secure file transfer including remote user credentials, transmitted file name and file contents. Thus, MemDecrypt discovers cryptographic artefacts and quickly decrypts live SSH malicious communications including the detection and interception of data exfiltration of confidential data.

Published

2019

17. The Challenges of Investigating Cryptocurrencies and Blockchain Related Crime

Author

William J Buchanan, Liam Bell, and Simon Dyson

Subjects

FOS: Computer and information sciences, blockchain, Cryptocurrency, Computer Science - Cryptography and Security, Internet privacy, Face (sociological concept), ComputingMilieux_LEGALASPECTSOFCOMPUTING, Cyber-security, Computer Science - Computers and Society, Blockchain, cryptocurency, crime, fraud, ring signatures, QA76 Computer software, Computers and Society (cs.CY), Centre for Distributed Computing, Networking and Security, T1-995, Technology (General), crime, business.industry, Law enforcement, Money laundering, ring signatures, cryptocurrency, AI and Technologies, Balance (accounting), 005.8 Data security, Financial transaction, fraud, business, Cryptography and Security (cs.CR), Financial fraud, Right to privacy

Abstract

We increasingly live in a world where there is a balance between the rights to privacy and the requirements for consent, and the rights of society to protect itself. Within this world, there is an ever-increasing requirement to protect the identities involved within financial transactions, but this makes things increasingly difficult for law enforcement agencies, especially in terms of financial fraud and money laundering. This paper reviews the state-of-the-art in terms of the methods of privacy that are being used within cryptocurrency transactions, and in the challenges that law enforcement face.

Published

2018

18. SMK-means: An Improved Mini Batch K-means Algorithm Based on Mapreduce with Big Data

Author

Liu, Xiaodong, Xiao, Bo, Wang, Zhen, and Liu, Qi

Subjects

Big data, outlier detection, SMK-means, Mini Batch K-means, simulated annealing, 005.8 Data security, QA75 Electronic computers. Computer science, Centre for Algorithms, Visualisation and Evolving Systems, Software systems, AI and Technologies

Abstract

In recent years, the rapid development of big data technology has also been favored by more and more scholars. Massive data storage and calculation problems have also been solved. At the same time, outlier detection problems in mass data have also come along with it. Therefore, more research work has been devoted to the problem of outlier detection in big data. However, the existing available methods have high computation time, the improved algorithm of outlier detection is presented, which has higher performance to detect outlier. In this paper, an improved algorithm is proposed. The SMK-means is a fusion algorithm which is achieved by Mini Batch K-means based on simulated annealing algorithm for anomalous detection of massive household electricity data, which can give the number of clusters and reduce the number of iterations and improve the accuracy of clustering. In this paper, several experiments are performed to compare and analyze multiple performances of the algorithm. Through analysis, we know that the proposed algorithm is superior to the existing algorithms.

Published

2018

19. Fingerprinting JPEGs With Optimised Huffman Tables

Author

Petra Leimich, Gordon Russell, and Sean McKeown

Subjects

Computer science, QA75 Electronic computers. Computer science, Digital forensics, 020207 software engineering, Image processing, 02 engineering and technology, General Medicine, Cyber-security, Huffman coding, AI and Technologies, symbols.namesake, Digital Forensics, 005.8 Data security, Computer graphics (images), 0202 electrical engineering, electronic engineering, information engineering, symbols, digital forensics, image comparison, image processing, known file analysis, partial file analysis, Centre for Distributed Computing, Networking and Security, 020201 artificial intelligence & image processing

Abstract

A common task in digital forensics investigations is to identify known contraband images. This is typically achieved by calculating a cryptographic digest, using hashing algorithms such as SHA256, for each image on a given medium, and comparing individual digests with a database of known contraband. However, the large capacities of modern storage media and time pressures placed on forensics examiners necessitates the development of more efficient processing methods. This work describes a technique for fingerprinting JPEGs with optimised Huffman tables which requires only the image header to be present on the media. Such fingerprints are shown to be robust across large datasets, with demonstrably faster processing times.

Published

2018

20. Machine learning and semantic analysis of in-game chat for cyber bullying

Author

Murnion, Shane, Buchanan, William J., Smales, Adrian, and Russell, Gordon

Subjects

005.8 Data security, Cyberbullying, machine learning, on-line gaming, multiplayer games, sentiment analysis, QA75 Electronic computers. Computer science, Centre for Distributed Computing, Networking and Security, Cyber-security, AI and Technologies

Abstract

One major problem with cyberbullying research is the lack of data, since researchers are traditionally forced to rely on survey data where victims and perpetrators self-report their impressions. In this paper, an automatic data collection system is presented that continuously collects in-game chat data from one of the most popular online multi-player games: World of Tanks. The data was collected and combined with other information about the players from available online data services. It presents a scoring scheme to enable identification of cyberbullying based on current research. Classification of the collected data was carried out using simple feature detection with SQL database queries and compared to classification from AI-based sentiment text analysis services that have recently become available and further against manually classified data using a custom-built classificationclient built for this paper. The simple SQL classification proved to be quite useful at identifying some features of toxic chat such as the use of bad language or racist sentiments, however the classification by the more sophisticated online sentiment analysis services proved to be disappointing. The results were then examined for insights into cyberbullying within this game and it was shown that it should be possible to reduce cyberbullying within the World of Tanks game by a significant factor by simply freezing the player’s ability to communicate through the in-game chat function for a short period after the player is killed within a match. It was also shown that very new players are much less likely to engage in cyberbullying, suggesting that it may be a learned behaviour from other players.

Published

2018

21. Securing Cloud Hypervisors: A Survey of the Threats, Vulnerabilities, and Countermeasures

Author

Rameez Asif and John Patrick Barrowclough

Subjects

Article Subject, Computer Networks and Communications, Computer science, QA75 Electronic computers. Computer science, Information science, Vulnerability, Cloud computing, 02 engineering and technology, Data breach, Cyber-security, Computer security, computer.software_genre, Software, Cloud Computing, Hypervisor, Encryption, Network Security, Data Networks, lcsh:Technology (General), 0202 electrical engineering, electronic engineering, information engineering, Centre for Distributed Computing, Networking and Security, lcsh:Science (General), Authentication, business.industry, 020206 networking & telecommunications, Hypervisor, AI and Technologies, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, 005.8 Data security, lcsh:T1-995, 020201 artificial intelligence & image processing, Networks, business, computer, lcsh:Q1-390, Information Systems

Abstract

The exponential rise of the cloud computing paradigm has led to the cybersecurity concerns, taking into account the fact that the resources are shared and mediated by a ‘hypervisor’ that may be attacked and user data can be compromised or hacked. In order to better define these threats to which a cloud hypervisor is exposed, we conducted an in-depth analysis and highlighted the security concerns of the cloud. We basically focused on the two particular issues, i.e., (a) data breaches and (b) weak authentication. For in-depth analysis, we have successfully demonstrated a fully functional private cloud infrastructure running on CloudStack for the software management and orchestrated a valid hack. We analyzed the popular open-source hypervisors, followed by an extensive study of the vulnerability reports associated with them. Based on our findings, we propose the characterization and countermeasures of hypervisor’s vulnerabilities. These investigations can be used to understand the potential attack paths on cloud computing and Cloud-of-Things (CoT) applications and identify the vulnerabilities that enabled them.

Published

2018

22. Analysis: Building the Future of EU: Moving Forward with International Collaboration on Blockchain

Author

Buchanan, Bill and Naqvi, Naseem

Subjects

blockchain, Information society, digital, QA75 Electronic computers. Computer science, British, Cyber-security, European, collaboration, AI and Technologies, economy, 005.8 Data security, 332 Financial economics, Centre for Distributed Computing, Networking and Security, Networks

Abstract

A blockchain enabled 'Digital Single Economy " can act as a catalyst for growth and could provide a platform where borderless innovative practices will thrive and create a true collaborative global economy, with shared goals and objectives for the benefit of wider community. A society where digital economy flourishes irrespective of geopolitical ideologies and where a technology like Blockchain holds transformative potential to unite the nations together. The UK currently has strong collaborations around blockchain including with the British Blockchain Association which aims to integrate with the EU on the adoption of Blockchain based methods around a range of application areas. However, at the core of these alliances must be the promotion of technology which link industry, the public sector, and academia, whilst also integrating key stakeholders, such as law enforcement, finance, health care, professional bodies and the legal industry.

Published

2018

23. Lightweight cryptography methods

Author

Shancang Li, Rameez Asif, and William J Buchanan

Subjects

devices, encryption, Hashing functions PHOTON, SPONGENT, Computer science, QA75 Electronic computers. Computer science, Hash function, Lightweight cryptography, Resource limited, Cryptography, 0102 computer and information sciences, 02 engineering and technology, Cyber-security, Encryption, 01 natural sciences, CLEFIA, Centre for Distributed Computing, Networking and Security, 0202 electrical engineering, electronic engineering, information engineering, Trivium (cipher), Hardware_ARITHMETICANDLOGICSTRUCTURES, business.industry, 020206 networking & telecommunications, AI and Technologies, Elliptic curve, 005.8 Data security, 010201 computation theory & mathematics, Embedded system, Lesamanta-LW, Enocoro, Trivium, PRESENT, CLEFIA, business, Wireless sensor network, Energy (signal processing)

Abstract

While our conventional cryptography methods, such for AES (encryption), SHA-256 (hashing) and RSA/Elliptic Curve (signing), work well on systems which have reasonable processing power and memory capabilities, these do not scale well into a world with embedded systems and sensor networks. Thus lightweight cryptography methods are proposed to overcome many of the problems of conventional cryptography. This includes constraints related to physical size, processing requirements, memory limitation and energy drain. This paper outlines many of the techniques that are defined as replacements for conventional cryptography within an Internet of Things (IoT) space and discuss some trends in the design of lightweight algorithms.

Published

2018

24. Analysis of the adoption of security headers in HTTP

Author

Scott Helme, Alan Woodward, and William J Buchanan

Subjects

Public key certificate, Computer science, Computer Networks and Communications, QA75 Electronic computers. Computer science, 02 engineering and technology, Content Security Policy, Man-in-the-middle attack, Cyber-security, Computer security, computer.software_genre, Encryption, Security policy, Public-key cryptography, World Wide Web, 0202 electrical engineering, electronic engineering, information engineering, Centre for Distributed Computing, Networking and Security, business.industry, 020206 networking & telecommunications, 020207 software engineering, AI and Technologies, 005.8 Data security, Code injection, business, computer, Software, Information Systems

Abstract

With the increase in the number of threats within Web-based systems, a more integrated approach is required to ensure the enforcement of security policies from the server to the client. These policies aim to stop man-in-the-middle attacks, code injection, and so on. This paper analyses some of the newest security options used within HTTP responses, and scans the Alexa Top 1 Million sites for their implementation within HTTP responses. These options scanned for include: Content Security Policy (CSP); Public Key Pinning Extension for HTTP (HPKP); HTTP Strict Transport Security (HSTS) and HTTP Header Field X-Frame-Options (XFO), in order to understand the impact that these options have on the most popular Web sites.The results show that, while the implementation of the parameters are increasing, they are still not implemented on many of the top sites. Along with this the paper shows the profile of adoption of Let’s Encrypt digital certificates across the one million sites, along with a way of assessing the quality of the security headers.

Published

2018

25. The Future Internet: A World of Secret Shares

Author

Owen Lo, William J Buchanan, Lu Fan, Gordon Russell, Elochukwu Ukwandu, and David Lanc

Subjects

cybersecurity, Computer Networks and Communications, Computer science, Key distribution, Cloud computing, Cyber-security, Encryption, Computer security, computer.software_genre, Secret sharing, Failover, QA76 Computer software, Centre for Distributed Computing, Networking and Security, SECRET, encryption, PKI, lcsh:T58.5-58.64, lcsh:Information technology, business.industry, cloud computing, Public key infrastructure, AI and Technologies, secret shares, computer programmes and software, 005.8 Data security, Secure multi-party computation, The Internet, business, computer, Computer network

Abstract

The Public Key Infrastructure (PKI) is crumbling, partially due to the lack of a strong understanding of how encryption actually works, but also due to weaknesses in its implementation. This paper outlines an Internet storage technique using secret sharing methods which could be used to overcome the problems inherent with PKI, while supporting new types of architectures incorporating such things as automated failover and break-glass data recovery. The paper outlines a novel architecture: SECRET, which supports a robust cloud-based infrastructure with in-built privacy and failover. In order to understand the performance overhead of SECRET, the paper outlines a range of experiments that investigate the overhead of this and other secret share methods.

Published

2015

26. Distance Measurement Methods for Improved Insider Threat Detection

Author

Richard Macfarlane, William J Buchanan, Owen Lo, and Paul Griffiths

Subjects

Jaccard index, Article Subject, Computer Networks and Communications, Computer science, QA75 Electronic computers. Computer science, 0211 other engineering and technologies, 02 engineering and technology, Cyber-security, Computer security, computer.software_genre, Insider, Order (exchange), lcsh:Technology (General), Centre for Distributed Computing, Networking and Security, 0202 electrical engineering, electronic engineering, information engineering, Hidden Markov model, lcsh:Science (General), Insider threat, distance measurement, 021103 operations research, Information society, Insider threat, AI and Technologies, Data set, Distance-vector routing protocol, Distance measurement, 005.8 Data security, lcsh:T1-995, 020201 artificial intelligence & image processing, Networks, computer, Information Systems, lcsh:Q1-390

Abstract

Insider threats are a considerable problem within cyber security and it is often difficult to detect these threats using signature detection. Increasing machine learning can provide a solution, but these methods often fail to take into account changes of behaviour of users. This work builds on a published method of detecting insider threats and applies Hidden Markov method on a CERT data set (CERT r4.2) and analyses a number of distance vector methods (Damerau–Levenshtein Distance, Cosine Distance, and Jaccard Distance) in order to detect changes of behaviour, which are shown to have success in determining different insider threats.

Published

2018

27. A methodology for the security evaluation within third-party Android Marketplaces

Author

William J Buchanan, Simone Chiale, and Richard Macfarlane

Subjects

Software_OPERATINGSYSTEMS, Computer science, QA75 Electronic computers. Computer science, 0211 other engineering and technologies, ComputingMilieux_LEGALASPECTSOFCOMPUTING, 02 engineering and technology, Cyber-security, Adware, Computer security, computer.software_genre, Riskware, Cryptovirology, World Wide Web, 0202 electrical engineering, electronic engineering, information engineering, Centre for Distributed Computing, Networking and Security, Malware analysis, Android (operating system), 021110 strategic, defence & security studies, malware analysis, APK, Android, marketplace, Third party, 020207 software engineering, Computer Science Applications, AI and Technologies, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Medical Laboratory Technology, 005.8 Data security, Malware, Law, computer

Abstract

This paper aims to evaluate possible threats with unofficial Android marketplaces, and geo-localize the malware distribution over three main regions: China; Europe; and Russia. It provides a comprehensive review of existing academic literature about security in Android focusing especially on malware detection systems and existing malware databases. Through the implementation of a methodology for identification of malicious applications it has been collected data revealing a 5% of them as malicious in an overall analysis. Furthermore, the analysis shown that Russia and Europe have a preponderance of generic detections and adware, while China is found to be targeted mainly by riskware and malware.

Published

2017

28. A Learning-based Neural Network Model for the Detection and Classification of SQL Injection Attacks

Author

Naghmeh Moradpoor Sheykhkanloo

Subjects

SQL, Information Systems and Management, Computer Networks and Communications, Computer science, QA75 Electronic computers. Computer science, Intrusion Detection, SQL injection attacks, machine, Intrusion detection system, computer.software_genre, Databases, SQL injection, Web application, Learning based, Safety, Risk, Reliability and Quality, computer.programming_language, Hacker, Artificial neural network, business.industry, learning, Artificial Intelligence, Neural Networks, Web Attacks, Hardware and Architecture, 005.8 Data security, Operating system, Data mining, business, Safety Research, computer, Software

Abstract

Structured Query Language injection (SQLi) attack is a code injection technique where hackers inject SQL commands into a database via a vulnerable web application. Injected SQL commands can modify the back-end SQL database and thus compromise the security of a web application. In the previous publications, the author has proposed a Neural Network (NN)-based model for detections and classifications of the SQLi attacks. The proposed model was built from three elements: 1) a Uniform Resource Locator (URL) generator, 2) a URL classifier, and 3) a NN model. The proposed model was successful to: 1) detect each generated URL as either a benign URL or a malicious, and 2) identify the type of SQLi attack for each malicious URL. The published results proved the effectiveness of the proposal. In this paper, the author re-evaluates the performance of the proposal through two scenarios using controversial data sets. The results of the experiments are presented in order to demonstrate the effectiveness of the proposed model in terms of accuracy, true-positive rate as well as false-positive rate.

Published

2017

29. A RAM triage methodology for Hadoop HDFS forensics

Author

Josh Harrison, Petra Leimich, and William J Buchanan

Subjects

Digital forensics, distributed filesystem forensics, cloud storage forensics, Hadoop forensics, triage, Computer science, Process (engineering), QA75 Electronic computers. Computer science, Digital forensics, Big data, 02 engineering and technology, computer.software_genre, RAM forensics, big data, Data acquisition, 0202 electrical engineering, electronic engineering, information engineering, Centre for Distributed Computing, Networking and Security, Distributed File System, Network forensics, Scope (project management), business.industry, 020207 software engineering, Computer Science Applications, Medical Laboratory Technology, 005.8 Data security, Operating system, 020201 artificial intelligence & image processing, Data center, business, Law, computer

Abstract

This paper discusses the challenges of performing a forensic investigation against a multi-node Hadoop cluster and proposes a methodology for examiners to use in such situations. The procedure's aim of minimising disruption to the data centre during the acquisition process is achieved through the use of RAM forensics. This affords initial cluster reconnaissance which in turn facilitates targeted data acquisition on the identified DataNodes. To evaluate the methodology's feasibility, a small Hadoop Distributed File System (HDFS) was configured, and forensic artefacts simulated upon it by deleting data originally stored in in the cluster. RAM acquisition and analysis was then performed on the NameNode in order to test the validity of the suggested methodology. The results are cautiously positive in establishing that RAM analysis of the NameNode can be used to pinpoint the data blocks affected by the attack, allowing a targeted approach to the acquisition of data from the DataNodes, provided that the physical locations can be determined. A full forensic analysis of the DataNodes was beyond the scope of this project.

Published

2016

30. Risk assessment for mobile systems through a multilayered hierarchical Bayesian network

Author

Shancang Li, Theo Tryfonas, Gordon Russell, and Panagiotis Andriotis

Subjects

Computer science, mobile securityrisk assessment, QA75 Electronic computers. Computer science, Android malware, 0211 other engineering and technologies, Vulnerability, 02 engineering and technology, Computer security, computer.software_genre, Bayesian risks graphs, 0202 electrical engineering, electronic engineering, information engineering, Graphical model, Electrical and Electronic Engineering, Android (operating system), Hidden Markov model, Risk management, 021110 strategic, defence & security studies, business.industry, Bayesian network, 020206 networking & telecommunications, Static analysis, Computer Science Applications, Human-Computer Interaction, Risk analysis (engineering), Control and Systems Engineering, 005.8 Data security, Mobile telephony, business, Risk assessment, computer, Software, Information Systems

Abstract

Mobile systems are facing a number of application vulnerabilities that can be combined together and utilized to penetrate systems with devastating impact. When assessing the overall security of a mobile system, it is important to assess the security risks posed by each mobile applications (apps), thus gaining a stronger understanding of any vulnerabilities present. This paper aims at developing a three-layer framework that assesses the potential risks which apps introduce within the Android mobile systems. A Bayesian risk graphical model is proposed to evaluate risk propagation in a layered risk architecture. By integrating static analysis, dynamic analysis, and behavior analysis in a hierarchical framework, the risks and their propagation through each layer are well modeled by the Bayesian risk graph, which can quantitatively analyze risks faced to both apps and mobile systems. The proposed hierarchical Bayesian risk graph model offers a novel way to investigate the security risks in mobile environment and enables users and administrators to evaluate the potential risks. This strategy allows to strengthen both app security as well as the security of the entire system.

Published

2016

31. Password Pattern and Vulnerability Analysis for Web and Mobile Applications

Author

Li, Shancang, Romdhani, Imed, and Buchanan, William

Subjects

security entropies, 005.8 Data security, QA75 Electronic computers. Computer science, Centre for Distributed Computing, Networking and Security, Cyber-security, Networks, password strength, password vulnerabilities, AI and Technologies

Abstract

Text⁃based passwords are heavily used to defense for many web and mobile applications. In this paper, we investigated the patterns and vulnerabilities for both web and mobile applications based on conditions of the Shannon entropy, Guessing entropy and Minimum entropy. We show how to substantially improve upon the strength of passwords based on the analysis of text⁃password entropies. By analyzing the passwords datasets of Rockyou and 163.com, we believe strong password can be designed based on good usability, deployability, rememberbility, and security entropies.

Published

2016

32. The Internet of Things: a security point of view

Author

Theo Tryfonas, Honglei Li, Shancang Li, and Pan Wang, Professor Sohail Chaudhry, Professor

Subjects

Economics and Econometrics, Sociology and Political Science, Computer science, information security, Internet of Things, 02 engineering and technology, Cyber-security, Computer security, computer.software_genre, Internet security, Security information and event management, Security engineering, QA76 Computer software, 0202 electrical engineering, electronic engineering, information engineering, Multi-layer Security Architecture, network security, Centre for Distributed Computing, Networking and Security, Cloud computing security, Communication security, business.industry, G400, Communication, 020208 electrical & electronic engineering, G900, 020206 networking & telecommunications, applications security, Information security, Computer security model, AI and Technologies, Security service, 005.8 Data security, Security through obscurity, Security Requirements, Networks, business, computer

Abstract

Purpose – The purpose of this paper is to provide an in-depth overview of the security requirements and challenges for Internet of Things (IoT) and discuss security solutions for various enabling technologies and implications to various applications. Design/methodology/approach – Security requirements and solutions are analysed based on a four-layer framework of IoT on sensing layer, network layer, service layer, and application layer. The cross-layer threats are analysed followed by the security discussion for the enabling technologies including identification and tracking technologies, WSN and RFID, communication, networks, and service management. Findings – IoT calls for new security infrastructure based on the new technical standards. As a consequence, new security design for IoT shall pay attention to these new standards. Security at both the physical devices and service-applications is critical to the operation of IoT, which is indispensable for the success of IoT. Open problems remain in a number of areas, such as security and privacy protection, network protocols, standardization, identity management, trusted architecture, etc. Practical implications – The implications to various applications including supervisory control and data acquisition, enterprise systems, social IoT are discussed. The paper will serve as a starting point for future IoT security design and management. The security strategies for IoT should be carefully designed by managing the tradeoffs among security, privacy, and utility to provide security in multi-layer architecture of IoT. Originality/value – The paper synthesizes the current security requirements for IoT and provides a clear framework of security infrastructure based on four layers. Accordingly, the security requirements and potential threats in the four-layer architecture are provided in terms of general devices security, communication security, network security, and application security.

Published

2016

33. Fundamental Issues in Mobile Healthcare Information Systems

Author

Mehmet A. Orgun, Christoph Thuemmler, and Basit Shahzad

Subjects

Article Subject, 005 Computer programming, programs & data, Computer science, business.industry, Computer Networks and Communications, QA75 Electronic computers. Computer science, 05 social sciences, 050801 communication & media studies, TK5101-6720, Computer Science Applications, AI and Technologies, 0508 media and communications, QA76 Computer software, Human–computer interaction, 005.8 Data security, Health, 0502 economics and business, Health care, Telecommunication, Information system, Centre for Distributed Computing, Networking and Security, 050211 marketing, eHealth, business

Abstract

Fundamental Issues in Mobile Healthcare Information Systems

Published

2016

34. If you want to know about a hunter, study his prey: detection of network based attacks on KVM based cloud environments

Author

Costas Lambrinoudakis, Nikolaos Pitropakis, Dimitra Anastasopoulou, and Aggelos Pikrakis

Subjects

Cloud computing security, Computer Networks and Communications, Computer science, business.industry, QA75 Electronic computers. Computer science, Distributed computing, Cloud computing, Cyber-security, Computer security, computer.software_genre, Cloud computing, Security, Co-residency, Network stressing, Malicious insider, KVM, System calls, Smith-waterman, AI and Technologies, Economic advantage, Kernel (image processing), 005.8 Data security, Genetic algorithm, Networks, business, computer, Computer communication networks, Software

Abstract

Computational systems are gradually moving towards Cloud Computing Infrastructures, using the several advantages they have to offer and especially the economic advantages in the era of an economic crisis. In addition to this revolution, several security matters emerged and especially the confrontation of malicious insiders. This paper proposes a methodology for detecting the co-residency and network stressing attacks in the kernel layer of a Kvm-based cloud environment, using an implementation of the Smith-Waterman genetic algorithm. The proposed approach has been explored in a test bed environment, producing results that verify its effectiveness.

Published

2014

35. 'I am Spartacus' – privacy enhancing technologies and privacy as a public good

Author

Kwecka, Zbigniew, Buchanan, William J, Schafer, Burkhard, and Rauhofer, Judith

Subjects

Investigative Data Acquisition Platform (IDAP), 005.8 Data security, QA75 Electronic computers. Computer science, Centre for Distributed Computing, Networking and Security, Privacy enhancing technologies, Cyber-security, Private Information Retrieval (PIR), AI and Technologies

Abstract

The paper introduces an approach to privacy enhancing technologies that sees privacy not merely as an individual right, but as a public good. This understanding of privacy has recently gained ground in the debate on appropriate legal protection for privacy in an online environment. The jurisprudential idea that privacy is a public good and prerequisite for a functioning democracy also entails that its protection should not be left exclusively to the individual whose privacy is infringed. This idea finds its correspondence in our approach to privacy protection through obfuscation, where everybody in a group takes a small privacy risk to protect the anonymity of fellow group members. We show how these ideas can be computationally realised in an Investigative Data Acquisition Platform (IDAP). IDAP is an efficient symmetric Private Information Retrieval (PIR) protocol optimised for the specific purpose of facilitating public authorities’ enquiries for evidence.

Published

2014

36. Garmin satnav forensic methods and artefacts: an exploratory study

Author

Arbelet, Alexandre

Subjects

ant-forensics, QA75 Electronic computers. Computer science, Garmin, file signatures, Cyber-security, GPS forensics, location tracking data, carving techniques, AI and Technologies, Tom-Tom, locational artefacts, 005.8 Data security, Centre for Distributed Computing, Networking and Security, Global Positioning System (GPS), digital investigation

Abstract

Over ten years ago, major changes in the Global Positioning System (GPS) technology led to its explosion in popularity. GPS devices are now ubiquitous, escorting their users everywhere they go, and potentially recording the entirety of their whereabouts. As such, they represent invaluable assets to forensic practitioners. Amongst the different brands, Garmin and Tom-Tom are by far the most widespread, and are regularly encountered as part of investigations. GPS forensics is a relatively new field of study, in which tools and methodologies are very reliant upon the device itself. Whereas several tools and methodologies have been developed to address Tom-Tom devices, the lack of knowledge concerning Garmin devices may lead to investigators missing evidence. This thesis aims to explore forensic methods applicable to Garmin devices, and highlight locational artefacts located on them, which may be of use in a digital investigation. To do so, three series of experiments have been designed and performed, intending to document the behaviour of the device, the methods to acquire and analyse its content efficiently, and the reliability of the data recovered. This thesis shows successful acquisition of data from a range of Garmin devices. It also demonstrates that various forensic artefacts can be recovered from Garmin devices, with the results compared to similar research into Tom-Tom GPS devices. This highlights that Garmin devices potentially have a greater forensic potential than Tom-Tom devices, as it was found they typically hold up to 6 month of their user’s daily locations, regardless of whether the navigation was in use or not. Using carving techniques and file signatures discovered through the project, this thesis shows how to recover further location tracking data from unallocated clusters. However, it also highlights that such information should be considered carefully, since the work also demonstrates that the data can be manipulated using anti-forensic techniques.

Published

2014

37. HI-Risk: a socio-technical method for the identification and monitoring of healthcare information security risks in the information society

Author

van Deursen Hazelhoff Roelfze, Nicole

Subjects

Information security, QA76 Computer software, Centre for Social Informatics, 005.8 Data security, Hi-risk method, Centre for Distributed Computing, Networking and Security, socio-technical risks, risk forecasting, Cyber-security, AI and Technologies

Abstract

This thesis describes the development of the HI-risk method to assess socio-technical information security risks. The method is based on the concept that related organisations experience similar risks and could benefit from sharing knowledge in order to take effective security measures. The aim of the method is to predict future risks by combining knowledge of past information security incidents with forecasts made by experts. HI-risks articulates the view that information security risk analysis should include human, environmental, and societal factors, and that collaboration amongst disciplines, organisations and experts is essential to improve security risk intelligence in today’s information society. The HI-risk method provides the opportunity for participating organisations to register their incidents centrally. From this register, an analysis of the incident scenarios leads to the visualisation of the most frequent scenario trees. These scenarios are presented to experts in the field. The experts express their opinions about the expected frequency of occurrence for the future. Their expectation is based on their experience, their knowledge of existing countermeasures, and their insight into new potential threats. The combination of incident and expert knowledge forms a risk map. The map is the main deliverable of the HI-risk method, and organisations could use it to monitor their information security risks. The HI-risk method was designed by following the rigorous process of design science research. The empirical methods used included qualitative and quantitative techniques, such as an analysis of historical security incident data from healthcare organisations, expert elicitation through a Delphi study, and a successful test of the risk forecast in a case organisation. The research focused on healthcare, but has potential to be further developed as a knowledge-based system or expert system, applicable to any industry. That system could be used as a tool for management to benchmark themselves against other organisations, to make security investment decisions, to learn from past incidents and to provide input for policy makers.

Published

2014

38. Approaches to the classification of high entropy file fragments

Author

Philip Penrose, Richard Macfarlane, and William J Buchanan

Subjects

Computer science, QA75 Electronic computers. Computer science, Digital forensics, Cyber-security, computer.software_genre, Encryption, Measure (mathematics), Fragment (logic), Centre for Distributed Computing, Networking and Security, Randomness, Statistical hypothesis testing, Encryption detection, File fragments, Artificial neural network, business.industry, File forensics, Computer Science Applications, AI and Technologies, Medical Laboratory Technology, 005.8 Data security, NIST, Data mining, business, Law, computer, Encrpyted files

Abstract

In this paper we propose novel approaches to the problem of classifying high entropy file fragments. We achieve 97% correct classification for encrypted fragments and 78% for compressed. Although classification of file fragments is central to the science of Digital Forensics, high entropy types have been regarded as a problem. Roussev and Garfinkel [1] argue that existing methods will not work on high entropy fragments because they have no discernible patterns to exploit. We propose two methods that do not rely on such patterns. The NIST statistical test suite is used to detect randomness in 4KB fragments. These test results were analysed using Support Vector Machines, k-Nearest-Neighbour analysis and Artificial Neural Networks (ANN). We compare the performance of each of these analysis methods. Optimum results were obtained using an ANN for analysis giving 94% and 74% correct classification rates for encrypted and compressed fragments respectively. We also use the compressibility of a fragment as a measure of its randomness. Correct classification was 76% and 70% for encrypted and compressed fragments respectively. Although it gave poorer results for encrypted fragments we believe that this method has more potential for future work. We have used subsets of the publicly available GovDocs1 Million File Corpus‘ so that any future research may make valid comparisons with the results obtained here.

Published

2013

39. Formal security policy implementations in network firewalls

Author

Omair Uthmani, William J Buchanan, Lu Fan, Elias Ekonomou, Richard Macfarlane, and Owen Lo

Subjects

General Computer Science, Network security, Computer science, Security policy, QA75 Electronic computers. Computer science, Covert channel, Cyber-security, Computer security, computer.software_genre, Asset (computer security), Security information and event management, Firewall policy management systems, Security engineering, Policy visualisation, Centre for Distributed Computing, Networking and Security, Cloud computing security, business.industry, Computer security model, Policy enforcement, Reverse engineering security policies, AI and Technologies, Security service, Information security standards, 005.8 Data security, Network Access Control, Firewalls, Security through obscurity, Network security policy, business, Law, computer

Abstract

Network security should be based around formal security policies. From high-level natural language, non-technical, policies created by management, down to device and vendor specific policies, or configurations, written by network system administrators. There exists a multitude of research into policy-based network systems which has been undertaken. This paper provides an overview of the different type of policies relating to security in networks, and a taxonomy of the research into systems which have been proposed to support the network administrators in difficult tasks of creating, managing and deploying these policies.

Published

2012

40. Implementation and evaluation of a botnet analysis and detection method in a virtual environment

Author

Waheed, Shahzad

Subjects

botnets, computer virus, QA76 Computer software, Computer security, malware, 005.8 Data security, Centre for Distributed Computing, Networking and Security, Cyber-security, hacking, AI and Technologies

Abstract

Botnets are one of the biggest cyber threats. Botnets based on concepts that used for the development of malware or viruses before origin of the Internet in 1990s. Botnet is a form of malware controlled by a Botmaster using Command and Control (C&C). Since emerging of one of the first botnets PrettyPark in 1999, it has been a significant enhancement in last decade for botnet development techniques by hackers. Botnets of current age are with features such as P2P architecture, encrypted traffic, use of different protocols, stealth techniques and spreading through social networking websites such as Facebook and Bebo. With enhancements in botnet development, the objectives of cyber criminals advanced to get financial as well. ZeuS is one of the well known botnets of current with a main target is to get the financial gain. It uses advanced botnet techniques such as encrypted traffic, use of HTTP protocol and stealth techniques to hide itself from the OS. Overall objective of this thesis is application of botnet analysis and detection techniques on ZeuS bot to demonstrate that how these techniques are applicable to other modern botnets such as KoobFace, Torpig, and Kelihos etc. ZeuS code leaked in May 2011 to open the doors for hackers to utilise techniques used by ZeuS to develop new bots and for researchers to learn the internal working of one of the modern botnet of the current age. In this thesis, “ZeuS toolkit with Control Panel (CP)” is used. It contains tools to create a ZeuS bot executable with user defined configuration and ZeuS Control Panel (CP) developed in PHP and MySql, to install on a machine to act as a ZeuS “C&C server”. Ethically, according to “CSSR: British Computer Society Code of Conduct”, ZeuS botnet analysis is performed in a virtual environment with two machines i.e. “Bot victim with HIDS (Host Based Intrusion Detection System)” and “C&C server” that are isolated from host machine running VMware and the Internet. Bot executed to infect “Bot victim” machine with ZeuS bot to convert it into a “zombie” being controlled by “C&C server” machine running ZeuS Control Panel (CP). ZeuS bot analysis performed in three layers i.e. binary, application and communication layer. On binary layer analysis, reverse engineering tools used to reverse engineer the ZeuS executable to explore its internal. ZeuS reversed engineered C++ code by REC was not in a meaningful form. It indicates that ZeuS binary obfuscated using some algorithm. Only basic information i.e. version and header information for ZeuS bot executable could be found using PE Explorer tool. On application layer, during ZeuS bot execution, all activities related to threads/process, file system (.dll files accessed and files created) and registry changes captured using Procmon. Important information captured by Procmon is creation of a copy of bot executable (sdra64.exe) and data file “user.ds” created in windows subfolder “/system32” and in registry “Userinit” key modified by ZeuS to enable the ZeuS execution before Windows GUI appears (execution of Explorer.exe). On communication layer, packets during bot synchronisation with botmaster and bot commands sent by “C&C server” to “Bot victim” captured for to create rules for HIDS for signature based detection on “Bot victim”. These rules implemented and raised alarm as expected successfully. Anomaly based detection requires “learning” or profiling that requires interaction of machine on Internet. Ethically it is not possible in isolated virtual environment. DNS based detection and process to reveal a “rootkit” that modifies MBR (master boot record) of the hard disk, is not applicable for ZeuS analysis. Literature review of this thesis covers all aspects of botnet analysis and detection techniques regardless of that they are not applicable in this project ethically or ZeuS bot does not support them. Objective of providing this information is to give an overview of all analysis and detection techniques that are applicable to the modern botnets of current age.

Published

2012

41. E-Health: chances and challenges of distributed, service oriented architectures

Author

Elias Ekonomou, Owen Lo, Abou Sofyane Khedim, Christoph Thuemmler, William J Buchanan, and Lu Fan

Subjects

Engineering, Process management, DACAR PaaS, Computer Networks and Communications, Cloud computing, Cyber-security, computer.software_genre, Computer security, QA76 Computer software, Order (exchange), Health care, Centre for Distributed Computing, Networking and Security, SOA, Mobile technology, Pace, Service (business), business.industry, distributed system, Virtualization, AI and Technologies, Hardware and Architecture, Software deployment, 005.8 Data security, 362 Social welfare problems & services, E-Health, business, computer

Abstract

Societies are undergoing unprecedented demographic and socio-economical changes on a pace that has never been experienced before. Health care models are in transition to remain affordable for governments and individuals. Mobile technology and cloud computing will play a major role in order to help to achieve the necessary level of virtualization and service aggregation. There are, however, technological challenges in terms of security, trust, user friendliness and deployment of innovative E-Health strategies.

Published

2012

42. Cryptographic privacy-preserving enhancement method for investigative data acquisition

Author

Kwecka, Zbigniew

Subjects

Investigative Data Acquisition Platform (IDAP), 005.8 Data security, QA75 Electronic computers. Computer science, SPIR, Centre for Distributed Computing, Networking and Security, k-anonymity, Internet Service Providers, Cyber-security, privacy, Investigative data, Symmetric Private Information Retrieval, AI and Technologies

Abstract

The current processes involved in the acquisition of investigative data from third parties, such as banks, Internet Service Providers (ISPs) and employers, by the public authorities can breach the rights of the individuals under investigation. This is mainly caused by the necessity to identify the records of interest, and thus the potential suspects, to the dataholders. Conversely, the public authorities often put pressure on legislators to provide a more direct access to the third party data, mainly in order to improve on turnaround times for enquiries and to limit the likelihood of compromising the investigations. This thesis presents a novel methodology for improving privacy and the performance of the investigative data acquisition process. The thesis shows that it is possible to adapt Symmetric Private Information Retrieval (SPIR) protocols for use in the acquisition process, and that it is possible to dynamically adjust the balance between the privacy and performance based on the notion of k-anonymity. In order to evaluate the findings an Investigative Data Acquisition Platform (IDAP) is formalised, as a cryptographic privacy-preserving enhancement to the current data acquisition process.SPIR protocols are often computationally intensive, and therefore, they are generally unsuitable to retrieve records from large datasets, such as the ISP databases containing records of the network traffic data. This thesis shows that, despite the fact that many potential sources of investigative data exist, in most cases the data acquisition process can be treated as a single-database SPIR. Thanks to this observation, the notion of k-anonymity, developed for privacy-preserving statistical data-mining protocols, can be applied to the investigative scenarios, and used to narrow down the number of records that need to be processed by a SPIR protocol.This novel approach makes the application of SPIR protocols in the retrieval of investigative data feasible.The dilution factor is defined, by this thesis, as a parameter that expresses the range of records used to hide a single identity of a suspect. Interestingly, the value of this parameter does not need to be large in order to protect privacy, if the enquiries to a given dataholder are frequent. Therefore, IDAP is capable of retrieving an interesting record from a dataholder in a matter of seconds, while an ordinary SPIR protocol could take days to complete retrieval of a record from a large dataset.This thesis introduces into the investigative scenario a semi-trusted third party, which is a watchdog organisation that could proxy the requests for investigative data from all public authorities. This party verifies the requests for data and hides the requesting party from the dataholder. This limits the dataholders ability to judge the nature of the enquiry. Moreover, the semi-trusted party would filter the SPIR responses from the dataholders, by securely discarding the records unrelated to enquiries. This would prevent the requesting party from using a large computational power to decrypt the diluting records in the future, and would allow the watchdog organisation to verify retrieved data in court, if such a need arises. Therefore, this thesis demonstrates a new use for the semi-trusted third parties in SPIR protocols. Traditionally used to improve on the complexity of SPIR protocols, such party can potentially improve the perception of the cryptographic trapdoor-based privacy- preserving information retrieval systems, by introducing policy-based controls.The final contribution to knowledge of this thesis is definition of the process of privacy-preserving matching records from different datasets based on multiple selection criteria. This allows for the retrieval of records based on parameters other than the identifier of the interesting record. Thus, it is capable of adding a degree of fuzzy matching to the SPIR protocols that traditionally require a perfect match of the request to the records being retrieved. This allows for searching datasets based on circumstantial knowledge and suspect profiles, thus, extends the notion of SPIR to more complex scenarios.The constructed IDAP is thus a platform for investigative data acquisition employing the Private Equi-join (PE) protocol – a commutative cryptography SPIR protocol.The thesis shows that the use of commutative cryptography in enquiries where multiple records need to be matched and then retrieved (m-out-of-n enquiries) is beneficial to the computational performance. However, the above customisations can be applied to other SPIR protocols in order to make them suitable for the investigative data acquisition process. These customisations, together with the findings of the literature review and the analysis of the field presented in this thesis, contribute to knowledge and can improve privacy in the investigative enquiries.

Published

2011

43. Minimising collateral damage: privacy-preserving Investigative data acquisition platform

Author

Kwecka, Zbigniew, Buchanan, William J, and Spiers, Duncan A

Subjects

005.8 Data security, QA75 Electronic computers. Computer science, Privacy Enhancing Technology, Centre for Distributed Computing, Networking and Security, Data Mining, Cyber-security, Data Retrieval, AI and Technologies

Abstract

Investigators define invasion of privacy during their operations as collateral damage. Inquiries that require gathering data about potential suspects from third parties, such as banks, Internet Service Providers (ISPs) or employers are likely to impact the relation between the data subject and the data controller. In this research a novel privacy-preserving approach to mitigating collateral damage during the acquisition process is presented and Investigative Data Acquisition Platform (IDAP) is defined. IDAP is an efficient symmetric Private Information Retrieval (PIR) protocol optimised for the specific purpose of facilitating public authorities’ enquiries for evidence. This research introduces a semi-trusted proxy into the PIR process in order to gain the acceptance of the general public for the trap-door based privacy-preserving techniques. Then the dilution factor is defined as a level of anonymity required in a given investigation. Defining this factor allows restricting the number of records processed, and therefore, minimising the processing time while maintaining an appropriate level of privacy. Finally, the technique allowing retrieval of records matching multiple selection criteria is described.

Published

2011

44. Crime risk evaluation within information sharing between the Police and community partners

Author

Uthmani, Omair, Buchanan, William J, Lawson, Alistair, Scott, Russell, Schafer, Burkhard, and Fan, Lu

Subjects

Information sharing, police, community partners, 005.8 Data security, questionnaire, QA75 Electronic computers. Computer science, Centre for Distributed Computing, Networking and Security, single point of contact, Cyber-security, AI and Technologies

Abstract

The aim of this paper is to provide profiles for crimes which can be used to model the context for information sharing between the police and community partner organisations. This context can then be integrated with information-sharing syntax used by Single Point of Contact (SPoC) agents to process information sharing requests [1]. The questionnaires attempt to clas-sify crimes into categories, with identify profiles of crime-types, according to the level of in-formation sharing they necessitate between community partner organisations. Crimes are sepa-rated into classifications, which are based on the perceived level of necessary information-exchange among police and community partners. The aim of the questionnaire is to gather academic responses to identify the level of risk in order that it can be defined as risk assess-ment level, which is key to enhancing the public?s reassurance in the police.

Published

2011

45. Performance and student perception evaluation of cloud-based virtualised security and digital forensics labs

Author

Buchanan, William J, Graves, Jamie, Bose, Niladri, Macfarlane, Richard, Davison, Brian, and Ludwiniak, Robert

Subjects

005.8 Data security, cloud-based infrastructure, QA75 Electronic computers. Computer science, digital forensics, Centre for Distributed Computing, Networking and Security, Virtualised environments, Cyber-security, computer security, AI and Technologies

Abstract

This paper focuses on the integration of virtualised environments within the teaching of computer security and digital forensics, and includes three case studies. The first case study involves assessing student perception on the usage of VMware Workstation and AWS (Amazon Web Services) for security and digital forensics labs, while the other two present a performance and reflective evaluation of a Cloud-based infrastructure using VMware ESXi. The evaluation for the first case study shows the results of a questionnaire for the integration of VMware Workstation and AWS, and highlights that the virtualised environment seems to engage students more than traditional desktop ones, along with identifying the key areas which seem to be useful, such as for network forensics and in running instances within a sand-boxed environment. The other two case studies show an evaluation of the performance impact of security and digital forensics students using a Cloud-based infrastructure for their labs, and that the developed infrastructure copes well with both scheduled lab-based classes, remote access, and a virtualised environment for courseworks.

Published

2011

46. AES Encryption and Decryption in Microsoft .NET

Author

Buchanan, William J

Subjects

AES, 005.8 Data security, Microsoft .NET, decryption, QA75 Electronic computers. Computer science, Centre for Distributed Computing, Networking and Security, data encryption, Cyber-security, AI and Technologies

Abstract

This paper outlines the usage of AES in Microsoft .NET. It provides a basic overview of the AES method, along with a review of other popular encryption methods and some sample code which can be used to implement AES.

Published

2010

47. 3DES Encryption and Decryption in Microsoft .NET

Author

Buchanan, William J

Subjects

3DES, 005.8 Data security, Microsoft .Net, QA75 Electronic computers. Computer science, Centre for Distributed Computing, Networking and Security, authentication, data encryption, Cyber-security, privacy, secret communications system, e-Health Cloud, AI and Technologies

Abstract

This paper outlines the usage of 3DES in Microsoft .NET. It provides a basic overview of the 3-DES method, along with a review of other popular encryption methods and some sample code which can be used to implement 3DES.

Published

2010

48. Framework for network IDS evaluation

Author

Lo, Owen

Subjects

host-based IDS, evaluation, QA75 Electronic computers. Computer science, firewalls, network-based IDS, Intrusion Detection Systems, virus, IDS, Cyber-security, AI and Technologies, realistic attack, 005.8 Data security, background traffic, Security, distributed-based IDS, Centre for Distributed Computing, Networking and Security, malicious software scanners, automation

Abstract

There are a multitude of threats now faced in computer networks such as viruses, worms, trojans, attempted user privilege gain, data stealing and denial of service. As a first line of defence, firewalls can be used to prevent threats from breaching a network. Although effective, threats can inevitably find loopholes to overcome a firewall. As a second line of defence,security systems,such as malicious software scanners may be put in place to detect a threat inside the network. However, such security systems cannot necessary detect all known threats, therefore a last line of defence comes in the form of logging a threat using Intrusion Detection Systems (Buchanan, 2009, p. 43).Being the last line of defence, it is vital that IDSs are up to an efficient standard in detecting threats. Researchers have proposed methodologies for the evaluation of IDSs but, currently, no widely agreed upon standard exists (Mell, Hu, Lippmann, Haines, & Zissman, 2003, p. 1).Many different categories of IDSs are available, including host-based IDS(HIDS), network-based IDS(NIDS)and distributed-based IDS(DIDS).Attempting to evaluate these different categories of IDSs using a standard accepted methodology allows for accurate benchmarking of results. This thesis reviews four existing methodologies and concludes that the most important aspects in an effective evaluation of IDSs must include realistic attack and background traffic, ease of automation and meaningful metrics of evaluation.A prototype framework is proposed which is capable of generating realistic attacks including surveillance/probing, user privilege gain, malicious software and denial of service. The framework also has the capability of background traffic generation using static network data sets. The detection metrics of efficiency, effectiveness and packet loss are defined along with resource utilisation metrics in the form of CPU utilisation and memory usage. A GUI developed in Microsoft .NETC# achieves automation of sending attack and background traffic,along with the generation of detection metrics from the datalogged by the IDS under evaluation.Using a virtual networking environment, the framework is evaluated against the NIDS Snort to show the capabilities of the implementation. Mono was used to run the .NET application in a Linux environment. The results showed that, whilst the NIDS is highly effective in the detection of attacks(true-positives), its main weakness is the dropping of network packets at higher CPU utilisations due to high traffic volume. At around 80Mbps playback volumes of background traffic and above, it was found that Snort would begin to drop packets. Furthermore, it was also found that the NIDS is not very efficient as it tends to raise a lot of alerts even when there are no attacks (false-positives).The conclusion drawn in this thesis is that the framework is capable of carrying out an evaluation of an NIDS. However, several limitations to the current framework are also identified. One of the key limitations is that there is a need for controlled aggregation of network traffic in this framework so that attack and background traffic can be more realistically mixed together. Furthermore, the thesis shows that more research is required in the area of background traffic generation. Although the framework is capable of generating traffic using state data sets, a more ideal solution would be an implementation in which allows the user to select certain “profiles” of network traffic. This would serve the purpose of better reflecting the network environment in which the IDS will be deployed on.

Published

2009

49. An integrated firewall policy validation tool

Author

Macfarlane, Richard

Subjects

policy-based management system, QA76 Computer software, 005.8 Data security, off-line fireawall policy, object-oriented approach, network device languages, Security policies, device configurations, validation tool

Abstract

Security policies are increasingly being implemented by organisations. Policies are mapped to device configurations to enforce the policies. This is typically performed manually by network administrators. The development and management of these enforcement policies is a difficult and error prone task. This thesis describes the development and evaluation of an off-line firewall policy parser and validation tool. This provides the system administrator with a textual interface and the vendor specific low level languages they trust and are familiar with, but the support of an off-line compiler tool. The tool was created using the Microsoft C#.NET language, and the Microsoft Visual Studio Integrated Development Environment (IDE). This provided an object environment to create a flexible and extensible system, as well as simple Web and Windows prototyping facilities to create GUI front-end applications for testing and evaluation. A CLI was provided with the tool, for more experienced users, but it was also designed to be easily integrated intoGUI based applications for non-expert users. The evaluation of the system was performed from a custom built GUI application, which can create test firewall rule sets containing synthetic rules, to supply a variety of experimental conditions, as well as record various performance metrics.The validation tool was created, based around a pragmatic outlook, with regard to the needs of the network administrator. The modularity of the design was important, due to the fast changing nature of the network device languages being processed. An object oriented approach was taken, for maximum changeability and extensibility, and a flexible tool was developed, due to the possible needs of different types users. System administrators desire, low level, CLI-based tools that they can trust, and use easily from scripting languages. Inexperienced users may prefer a more abstract, high level, GUI or Wizard that has an easier to learn process.Built around these ideas, the tool was implemented, and proved to be a usable, and complimentary addition to the many network policy-based systems currently available. The tool has a flexible design and contains comprehensive functionality. As opposed to some of the other tools which perform across multiple vendor languages, but do not implement a deep range of options for any of the languages. It compliments existing systems, such as policy compliance tools, and abstract policy analysis systems. Its validation algorithms were evaluated for both completeness, and performance. The tool was found to correctly process large firewall policies in just a few seconds.A framework for a policy-based management system, with which the tool would integrate, is also proposed. This is based around a vendor independent XML-based repository of device configurations, which could be used to bring together existing policy management and analysis systems.

Published

2009

50. Culture & biometrics: regional differences in the perception of biometric authentication technologies

Author

Riley, Chris W, Buckner, Kathy, Johnson, Graham, and Benyon, David

Subjects

Centre for Interaction Design, biometric authentication technology, Information society, 005.8 Data security, 004 Data processing & computer science, QA75 Electronic computers. Computer science, 006.3 Artificial intelligence, cross-cultural diffrences, data security, AI and Technologies

Abstract

Previous research has identified user concerns about biometric authentication technology, but most of this research has been conducted in European contexts. There is a lack of research that has investigated attitudes towards biometric technology in other cultures. To address this issue, data from India, South Africa and the United Kingdom were collected and compared. Cross-cultural attitudinal differences were seen, with Indian respondents viewing biometrics most positively while respondents from the United Kingdom were the least likely to have a positive opinion about biometrics. Multiple barriers to the acceptance of biometric technology were identified with data security and health and safety fears having the greatest overall impact on respondents’ attitudes towards biometrics. The results of this investigation are discussed with reference to Hofstede’s cultural dimensions and theories of technology acceptance. It is argued that contextual issues specific to each country provide a better explanation of the results than existing theories based on Hofstede’s model. We conclude that cultural differences have an impact on the way biometric systems will be used and argue that these factors should be taken into account during the design and implementation of biometric systems.

Published

2009