
About this book

This book constitutes the refereed proceedings of the International Symposium on Security in Computing and Communications, SSCC 2013, held in Mysore, India, in August 2013. The 24 revised full papers presented together with 15 poster papers were carefully reviewed and selected from 111 submissions. The papers cover all aspects of secure computing and communication in networking and distributed systems such as cloud-based data centers.

Table of contents

Frontmatter

Regular Papers

A Novel Approach for a Hardware-Based Secure Process Isolation in an Embedded System

The need for a secure communication between two entities in a system is mandatory to protect the trustworthiness of the system. For example, consider an embedded system inside an automobile where two Electronic Control Units (ECUs) attached to a bus are communicating with each other. Such a system is rather secure against attacks from each other because the two ECUs and thus the tasks executing on them are physically separated from each other by design. However, this is not the case when two tasks, one of them being safety/security critical, execute on the same ECU in parallel because it opens an opportunity for a mutual impact by the tasks, for example, due to a shared resource such as the local memory. Thus, the goal of this contribution is to establish a secure isolation between such tasks to avoid an un-authorized communication and thus to build a trusted embedded system. Though, there exist approaches in the literature, for example, based on virtualization technology and others to address this issue, either they are only software-based or not suitable for embedded systems. In contrast, the proposed approach in here is not only hardware-based, which is more secure, but also lightweight in its design. In specific, the proposed approach, utilizes a security module with minimal Trusted Computing (TC) technology features tailored to the needs of a resource constrained embedded system. Additionally, a proof-of-concept implementation of the proposed approach is performed to illustrate the design feasibility.

Sunil Malipatlolla

Signature Embedding in the Functional Description of Reversible Circuit

In order to prevent unauthorized access and illegal redistribution during the exchange and distribution of Intellectual Properties (IPs), embedding ownership information has become inevitable. Recently, research on reversible circuits has drawn significant attention especially in the areas of digital signal processing, nano and quantum computing. The strategies employed for dealing with the security risks associated with the development and distribution of conventional digital circuits may not be directly applicable to reversible circuits. In this paper, we propose a simple technique to embed the owner’s signature during the synthesis of a reversible circuit. The embedded signature can be used to prevent unauthorized access and/or illegal distribution of such circuits (or circuit descriptions). The proposed technique offers strong security as the signature is embedded as a functional part of the design, at the initial stage of the specification. Experimental results on benchmarks show that the owner’s signature can be embedded without significant overhead.

Animesh Roy, Debasis Mitra

Detecting Laser Fault Injection for Smart Cards Using Security Automata

Security and interoperability issues are increasing in the smart card domain and it is important to analyze these issues carefully and implement appropriate countermeasures to mitigate them. Security issues involve attacks on smart cards which can lead to their abnormal behavior. Fault attacks are the most important among them and they can affect the program execution, smart card memory, etc. Detecting these abnormalities requires some redundancies, either by another code execution or by an equivalent representation. In this paper, we propose an automatic method to provide this redundancy using a security automaton as the main detection mechanism. This can enforce some trace properties on a smart card application, by using the combination of a static analysis and a dynamic monitoring. The security officer specifies the fragments of the code that must be protected against fault attacks and a program transformer produces an equivalent program that meshes a security automaton into the code according to the security requirements.

Guillaume Bouffard, Bhagyalekshmy N. Thampi, Jean-Louis Lanet

Virtual World Authentication Using the Smart Card Web Server

Virtual Worlds (VWs) are persistent, immersive digital environments, in which people utilise digital representation of themselves. Current management of VW identity is very limited, and security issues arise, such as identity theft. This paper proposes a two-factor user authentication scheme based on One Time Passwords (OTPs), exploiting a Smart Card Web Server (SCWS) hosted on the tamper-resistant Subscriber Identity Module (SIM) within the user’s mobile phone. Additionally, geolocation attributes are used to compare phone and PC locations, introducing another obstacle for an attacker. A preliminary security analysis is done on the protocol, and future work is identified.

Lazaros Kyrillidis, Graham Hili, Sheila Cobourne, Keith Mayes, Konstantinos Markantonakis

A More Efficient and Secure Authentication Scheme over Insecure Networks Using Smart Cards

In 2009, Xu et al. found that Lee et al.’s scheme is defenseless to offline password guessing attack. Xu et al. also indicated that Lee and Chiu’s scheme is unguarded to forgery attack. Moreover, Lee and Chiu’s scheme doesn’t achieve mutual authentication and thus cannot resist malicious server attack. Xu et al. proposed an improved scheme. In 2010, Anil K Sarje et al. showed that Xu et al.’s scheme is vulnerable to forgery attack and proposed an improved scheme which preserves the merits of Xu et al.’s scheme and resists various attacks. In this paper we will show that Anil K Sarje et al.’s scheme cannot avoid any of the attacks they claimed that their scheme resists. We then present our enhanced scheme to fix the vulnerabilities found in Anil K Sarje et al.’s scheme and various related dynamic identity based authentication schemes while preserving their merits.

Chandra Sekhar Vorugunti, Mrudula Sarvabhatla

A Combined Crypto-steganographic Approach for Information Hiding in Audio Signals Using Sub-band Coding, Compressive Sensing and Singular Value Decomposition

In this paper, a new method of audio data security system is proposed, which uses the complementary services provided by steganography and cryptography. Here the audio data to be sent secretly is encoded using the compressive measurements of the same and the resultant data is embedded in the perceptible band of the cover audio data using the SVD based watermarking algorithm. Thus the combination of these two methods enhances the protection against most serious attacks when audio signals are transmitted over an open channel. Decryption stage uses SVD based watermark extraction algorithm and L1 optimization. Experimental results show that the combined system enhances the security of the audio data embedded.

G. Jyothish Lal, V. K. Veena, K. P. Soman

Random Key and Key Dependent S-box Generation for AES Cipher to Overcome Known Attacks

Advanced Encryption Standard (AES) block cipher system is widely used in cryptographic applications. A nonlinear substitution operation is the main factor of the AES cipher system strength. The purpose of the proposed approach is to generate random session keys and use these keys to generate S-boxes. The random key generation will overcome the brute force attack and the key dependent S-box will make cipher resistant to linear and differential cryptanalysis.

L. N. Pradeep, Aniruddha Bhattacharjya

Emulating a High Interaction Honeypot to Monitor Intrusion Activity

Intrusion activity monitoring is a complex task to achieve. An intruder should not be alerted about being monitored. A stealthy approach is needed, that does not alert the intruder about the presence of monitoring. Virtual Machine based High Interaction Honeypots help achieve stealthy monitoring. Most of the related research work use the concept of Virtual Machine Introspection that relies on System Call Interception. However most of these methods hook the sysenter instruction for interception of system calls. This can be defeated by an intruder since this is not the only way of making a system call. We have designed and implemented a High-Interaction Virtual Machine based honeypot using the open source tool Qebek. Qebek is more effective as it hooks the actual system call implementation itself. We have tested its capturability by running different types of malware. The Results obtained show that the system is able to capture information about processes running on the honeypot, console data and network activities, which reveal the maliciousness of the activities.

Anil Gopalakrishna, Alwyn Rosham Pais

On Pseudo-random Number Generation Using Elliptic Curve Cryptography

The recent branch of network security is Cryptography using Elliptic Curve Architectures which is based on the arithmetic of elliptic curves and discrete logarithmic problems. ECC schemes are public-key based mechanisms that provide encryption, digital signatures and key exchange algorithms. Elliptic curve algorithms are solely based on generation of random numbers which can be identified by pseudo-random number generator. This paper describes the mechanism of deriving random number and the possibilities of random number generator attack on ECC algorithms. The algorithm proposed here in can be used for generating random numbers in ECIES or any ECC based encryption decryption algorithm. Through the results obtained it is proved to be better in comparison to other algorithms.

Manali Dubal, Aaradhana Deshmukh

Exploiting Functional Models to Assess the Security Aspect in Embedded System Design

Conventionally, automotive embedded systems are assessed for evaluating various different aspects such as safety, functionality, and real-time. However, the inclusion of security aspect, which indeed is becoming increasingly important in modern day cars, has a significant impact on the above aspects, especially on functionality and real-time. This impact would be clearly visible in the functional model of the embedded system because including security features modifies the data flow in the system. Thus, the goal of this contribution is to assess and evaluate the security aspect in such systems by exploiting their functional models. Such an assessment further results in establishing a possible relation between real-time formal analysis and the existing security theory. For this, a formal approach well-known from real-time embedded domain is utilized in here.

Ingo Stierand, Sunil Malipatlolla

Design of CAPTCHA Script for Indian Regional Websites

To improve accessibility of Indian regional websites especially government websites content is offered in regional languages besides English language. However, these websites use CAPTCHA tests in English languages in regional language pages. This reduces usability and accessibility because non-native speakers of English language are required to pass CAPTCHA tests in English language. The accessibility of such websites can be improved substantially if secure CAPTCHA tests in regional languages are used. However, such an implementation is challenging as Indian regional languages are unique in many ways, are written differently and have different alphabets, glyphs, pronunciations, accents, etc. This paper reviews existing CAPTCHA scripts and Indian regional websites in terms of their usability, accessibility and multilingual support. It reports the design of CAPTCHA script in Hindi, Punjabi, Urdu and English languages which can be used to generate CAPTCHA tests in websites offering content in these languages. The designed CAPTCHA script offers features such as audio, localized onscreen keyboard, random patterns and fonts to improve usability and security.

M. Tariq Banday, Shafiya Afzal Sheikh

A Survey of Traditional and Cloud Specific Security Issues

The emerging technology popularly referred to as Cloud computing offers dynamically scalable computing resources on a pay per use basis over the Internet. Companies avail hardware and software resources as service from the cloud service provider as opposed to obtaining physical assets. Cloud computing has the potential for significant cost reduction and increased operating efficiency in computing. To achieve these benefits, however, there are still some challenges to be solved. Security is one of the prime concerns in adopting Cloud computing, since the user’s data has to be released from the protection sphere of the data owner to the premises of cloud service provider. As more Cloud based applications keep evolving, the associated security threats are also growing. In this paper an attempt has been made to identify and categorize the security threats applicable to Cloud environment. Threats are classified into Cloud specific security issues and traditional security attacks on various service delivery models of Cloud. The work also briefly discusses the virtualization and authentication related issues in Cloud and tries to consolidate the various security threats in a classified manner.

Sumitra Binu, Mohammed Misbahuddin

A Chaos Based Method for Efficient Cryptographic S-box Design

Substitution boxes are integral parts of most of the conventional block ciphering techniques such as DES, AES, IDEA, etc. The strengths of these encryption techniques solely depend upon the quality of their nonlinear S-boxes. Therefore, the construction of cryptographically strong S-boxes is always a challenge to build secure cryptosystems. In this paper, an efficient method for designing chaos-based cryptographic S-box is presented. The chaotically-modulated system trajectory of chaotic map is sampled and pretreated to generate an initial 8×8 S-box. Elements shuffling through random circular-rotation and zig-zag scan pattern are carried out to improve its quality. The experimental results of analyses such as bijectivity, nonlinearity, strict avalanche criterion, equiprobable input/output XOR distribution, etc., demonstrate that the proposed S-box has better cryptographic properties as compared to the recently proposed chaos-based S-boxes, which justify its effectiveness for the design of strong block cryptosystem.

Musheer Ahmad, Hitesh Chugh, Avish Goel, Prateek Singla

A Multicast Authentication Protocol (MAP) for Dynamic Multicast Groups in Wireless Networks

In this paper, we have proposed a centralized multicast authentication protocol (MAP) for dynamic multicast groups in wireless networks. In our protocol, a multicast group is defined only at the time of the multicasting. The authentication server (AS) in the network generates a session key and authenticates it to each of the members of a multicast group using the computationally inexpensive least common multiple (LCM) method. In addition, a pseudo random function (PRF) is used to bind the secret keys of the network members with their identities. By doing this, the AS is relieved from storing per member secrets in its memory, making the scheme completely storage scalable. The protocol minimizes the load on the network members by shifting the computational tasks towards the AS node as far as possible. The protocol possesses a membership revocation mechanism and is protected against replay attack and brute force attack. Analytical and simulation results confirm the effectiveness of the proposed protocol.

Parag J. Jambhulkar, Soumyadev Maity, Ramesh C. Hansdah

Clustering Based on Trust of a Node in Mobile Ad–Hoc NETworks

The nodes in Mobile ad hoc networks join and leave the networks dynamically. At some point of time there is a possibility of enormous increase in the size of the network. Handling nodes in big network may put a burden on network management schemes and may introduce delays in the network. Dividing big networks in small groups called clusters may prove to be a good solution for handling them in a better and efficient manner. As MANET (Mobile Ad hoc networks) are self organized, the challenge of achieving security is critical. Evolving and managing trust relationships among the nodes in the network are important to carry efficient transmissions. This work proposes a trust based clustering algorithm which forms a cluster of trusted nodes only. Criteria used to select the nodes are the trust value of a node, weight of a node and its residual energy. A trusted cluster gives a better performance in terms of increase in throughput of the network which is well supported by the results produced by this approach.

Pallavi Khatri, Shashikala Tapaswi, Udai P. Verma

A Novel Approach for Monitoring SQL Anti-Forensic Attacks Using Pattern Matching for Digital Forensic Investigation

Over the past few years the attacks on software systems have been increasing at an astonishing rate, resulting in high revenue losses. Hence, Cyber/Digital forensics plays an important role by providing methods to acquire, assess, interpret, and use digital evidence to fetch conclusive details of cyber crime behavior. A recent trend in cyber crimes is the use of Anti-Forensic attacks to thwart the process of digital investigation by tampering with the evidence.

The said system focuses on monitoring the Anti-Forensic attacks in the process of Digital Forensic Investigation. The system first identifies the different Anti-forensic attacks (Deletion/Modification/Hiding/Addition of evidence) by using a pattern matching algorithm. Finally, the system effectively generates the reports and suggestions in accordance with the attacks. This system will prove helpful to the digital forensic investigators as well as other Government organizations in collecting post crime evidence and tracing the identities of the attackers.

Vaibhav T. Patil, Amrita A. Manjrekar

Robust BPSO and Scene Change Based Digital Video Watermarking Algorithm in DWT-DFT-SVD Domain

This paper proposes a Binary Particle Swarm Optimization (BPSO) and scene change based watermarking algorithm where BPSO is used to identify the robust pixels into which the watermark is to be inserted. Different watermarks are inserted into frames belonging to different scenes identified using a scene change detection algorithm. The watermarked video is obtained by inserting the singular values of Discrete Wavelet Transform (DWT) + Discrete Fourier Transform (DFT) sub-bands of the watermark into the singular values of Discrete Wavelet Transform + Discrete Fourier Transform sub-bands of video frames. Experimental results show the promising performance of the proposed algorithm for watermarking. Peak Signal to Noise Ratio (PSNR) values for the watermarked video in the range of 45 dB to 50 dB and maximum correlation of 0.9998 are achieved.

Rahim Ansari, Mrutyunjayya Devanalamath, Maher Hussain, V. Punya Prabha

Slide Attacks against Iterated Hill Ciphers

In this paper we analyze two iterated Hill Cipher variants due to Sastry et al. The designers claim that their modifications to the classical Hill Cipher provide a high level of resistance to cryptanalysis. However, we describe how to break these iterated Hill Ciphers using a standard slide attack, and we present computational results from the implementation of our attack that confirm its effectiveness.

Liam Keliher, Samuel Thibodeau

Efficient Hierarchical Key Management Scheme Based on Polynomial Construction

In this paper, we propose a hierarchical key management scheme based on polynomial interpolation technique. We review the existing hierarchical key management schemes based on polynomial interpolation technique for public space, private space, key derivation cost and forward/backward security requirements. The proposed scheme has several features. Only one key is stored by the user of any security class. The key derivation process requires only one polynomial evaluation and hash computations. We compare the proposed scheme with the schemes based on polynomial interpolation and show that our scheme is efficient. Our proposed scheme satisfies backward secrecy and forward secrecy requirements upon new class addition and existing class deletion respectively. Only one polynomial construction is required for rekeying during new class addition and existing class deletion. The proposed scheme is secure against common subordinate and collaborative attacks.

B. R. Purushothama, B. B. Amberker

Hand Vein Authentication System Using Dynamic ROI

This paper presents an efficient authentication system based on hand vein pattern. The stages involved in a vein pattern authentication system are image acquisition, Region of Interest (ROI) extraction, image enhancement, binarization, thinning, feature extraction and matching. We propose an algorithm for extraction of dynamic ROI from the hand vein image. The advantage of dynamic ROI extraction is that the ROI extracted for different hand images varies in size as the size of the hand varies, and it is possible to extract more features from a larger hand, which otherwise is not possible with a fixed ROI. A new thinning algorithm is used to extract a one pixel thick medial axis vein network from the dynamic ROI, and the results are compared with MATLAB’s thinning algorithm. The resulting thinned image may contain some artefacts, and we propose an algorithm to remove these artefacts. The minutiae features that represent the geometric information of the vein pattern, which are bifurcation and ending points, are extracted. Finally a matching algorithm is applied for authentication. The proposed system is efficient and got the lowest error rate.

Munaga V. N. K. Prasad, Ilaiah Kavati, Kanavu Ravindra

Vein Pattern Indexing Using Texture and Hierarchical Decomposition of Delaunay Triangulation

In biometric identification systems, the identity corresponding to the query image is determined by comparing it against all images in the database. This exhaustive matching process increases the response time and the number of false positives of the system; therefore, an effective mechanism is essential to select a small collection of candidates to which the actual matching process is applied. This paper presents an efficient indexing algorithm for vein pattern databases to improve the search speed and accuracy of identification. In this work, we generate a binary code for each image using texture information. A hierarchical decomposition of Delaunay triangulation based approach for minutiae is proposed and used with binary code to narrow down the search space of the database. Experiments are conducted on two vein pattern databases, and the results show that, while maintaining 100% Hit Rate, the proposed method achieves lower penetration rate than what existing methods achieve.

Ilaiah Kavati, Munaga V. N. K. Prasad, Chakravarthy Bhagvati

Short Attribute-Based Group Signature without Random Oracles with Attribute Anonymity

Attribute Based Group Signature (ABGS) scheme is a kind of group signature scheme where the group members possessing certain privileges (attributes) only are eligible for signing the document. There are ABGS schemes secure under random oracle models, have signature length linear in terms of number of attributes and do not provide attribute anonymity. We have come up with an ABGS scheme which provides attribute anonymity, has short signature length independent of number of attributes and proven that it is secure under the standard model.

Syed Taqi Ali, B. B. Amberker

Security Analysis of an Efficient Smart Card-Based Remote User Authentication Scheme Using Hash Function

In a remote user authentication scheme, a remote server verifies whether a login user is genuine and trustworthy. Several remote user authentication schemes using the password, the biometrics and the smart card have been proposed in the literature. In 2012, Sonwanshi et al. proposed a password-based remote user authentication scheme using smart card, which uses the hash function and bitwise XOR operation. Their scheme is very efficient because of the usage of efficient one-way hash function and bitwise XOR operations. They claimed that their scheme is secure against several known attacks. Unfortunately, in this paper we find that their scheme has several vulnerabilities including the offline password guessing attack and stolen smart card attack. In addition, we show that their scheme fails to protect against strong replay attack.

Ashok Kumar Das, Vanga Odelu, Adrijit Goswami

Formal Security Verification of a Dynamic Password-Based User Authentication Scheme for Hierarchical Wireless Sensor Networks

In 2012, Das et al. proposed a new password-based user authentication scheme in hierarchical wireless sensor networks [Journal of Network and Computer Applications 35(5) (2012) 1646-1656]. The proposed scheme achieves better security and efficiency as compared to those for other existing password-based user authentication schemes proposed in the literature. This scheme supports changing the user’s password dynamically and locally at any time without contacting the base station or gateway node. This scheme also supports dynamic node addition after the initial deployment of nodes in the existing sensor network. In this paper, we simulate this proposed scheme for formal security verification using the widely-accepted Automated Validation of Internet Security Protocols and Applications (AVISPA) tool. The AVISPA tool ensures whether a protocol is insecure against possible passive and active attacks, including the replay and man-in-the-middle attacks. Using the AVISPA model checkers, we show that Das et al.’s scheme is secure against possible passive and active attacks.

Ashok Kumar Das, Santanu Chatterjee, Jamuna Kanta Sing

Work-in-Progress

VM Profile Based Optimized Network Attack Pattern Detection Scheme for DDOS Attacks in Cloud

Cloud computing is a well-known internet platform based technology that provides access to rented, remotely located and distributed IT resources such as computing infrastructure, storage, online web and utility application on a pay per usage model. As it is a widely used service by individual users to corporate organizations and contains valuable data and applications, it is known to be vulnerable to risks and threats such as network level threats, host level threats and virtualization layer vulnerabilities etc. However, for counterattacking these vulnerabilities traditional defense measures exist but are not efficient, scalable and optimized to be used in cloud. The paper identifies the drawbacks in the current schemes used for handling network attacks (primarily DDOS) and provides a new direction in which the same level of security capabilities for network can be obtained with minimal expense of resources, which is the prime requirement for any scheme for being applicable in cloud environment. The paper describes a prototype implementation of the concept with details of experimental setup and initial results.

Sanchika Gupta, Padam Kumar

Implementation and Embellishment of Prevention of Keylogger Spyware Attacks

The Internet has become an essential requirement of modern society. People use the Internet frequently for their day to day work, including online banking transactions, email and online chat with friends. Malware programs are very light programs designed to cause harm to your system. Hackers can steal the credentials of your online banking account with the help of spyware (a kind of malware). Malware attacks are very frequent in the cyber world, and such attacks are very difficult to detect and defend against. Keylogger spyware is a combined script attack: a keylogger spyware contains both keylogger and spyware scripts in a single program. A hacker can steal the credentials and confidential information from the infected user’s system by performing this attack. In this paper we have implemented a prevention mechanism for keylogger spyware attacks. It contains three phases: keylogger spyware attack, honeypot based detection and prevention of keylogger spyware. The detection of keylogger spyware is performed with the help of a honeypot. A honeypot agent program deployed in the client’s system monitors malicious activities and reports them to the honeypot. All keylogger spyware attack related information sent by the honeypot agent program is stored in the database maintained at the honeypot. If a keylogger spyware program is detected in a system, it is permanently removed with the help of the prevention server. The implemented mechanism is capable of preventing such kinds of attacks using a combination of malware.

Mohammad Wazid, Robin Sharma, Avita Katal, R. H. Goudar, Priyanka Bhakuni, Asit Tyagi

Data Anonymization According to the Combination of Attributes on Social Network Sites

The popularity of social network sites has increased extremely during the previous years. Social network sites provide an intimate interactive platform on the Internet for exchanging information among users. Users may disclose their ideas, comments, pictures or videos, secrets about their business or other private information that may be used by inappropriate users to threaten users’ future decisions or positions. Thus, the goal of this paper is to explain how users’ data can be anonymized to mitigate privacy concerns through information dissemination. The results depict that although anonymization of data cannot protect the privacy of data completely, it can reduce the possibility of re-identification.

Sanaz Kavianpour, Bharanidharan Shanmugam, Zuraini Ismail

Secure Multimedia Transmission in P2P Using Recurence Relation and Evolutionary Algorithm

Distribution and sharing of multimedia contents is extensively higher in number as compared to other applications in Peer-to-Peer networks. A review of prior work on the same issues shows that comparatively little work has been done when it comes to ensuring security when transmitting multimedia contents over highly vulnerable P2P networks. Therefore, this paper introduces a cost-effective and trivial model using recurrence relation of degree 2 and evolutionary algorithm for performing multimedia content encryption. A novel technique of performing encryption using a simple partitioning technique is used to ensure the security of the transmitted frames over any type of network. The novelty of the proposed system is that an evolutionary algorithm is used for strengthening the encryption process further, and final results were evaluated with respect to maximized entropy of frames, minimized Pearson Product Moment Correlation Coefficient (PPMCC) among the adjacent pixels and key analysis.

Ramesh Shahabadkar, Ramchandra V.Pujeri

Hybrid Approach for Improvising Credit Card Fraud Detection Based on Collective Animal Behaviour and SVM

The explosive growth of Information Technology in the last few decades has resulted in automation in every possible field. This has also led to electronic fund transfers and increased usage of credit cards and debit cards. Credit card fraud costs consumers and the financial industry billions of dollars annually. In this paper we propose a hybrid approach to credit card fraud detection, where a combination of supervised and unsupervised approaches was used to detect fraudulent transactions. This includes a behaviour based clustering approach where we use patterns from collective animal behaviours to detect the changes in the behaviour of credit card users to minimize the false positives. This approach also opens the avenue to predict the collective behaviours of highly organized crime groups involved in credit card fraud activities which as an option is not explored so far.

V. Dheepa, R. Dhanapal

Recent Trends in Collection of Software Forensics Artifacts: Issues and Challenges

Digital forensics helps an investigator to find traces of any malicious activity of a user carried out using a particular piece of software. In recent years, analysis of computer software products has been done for collection of forensics artifacts, using the traditional digital forensic approach. But as traditional forensics has now been established as a standard, more people are familiar with the forensic processes. They know where traces can be left behind and how to get rid of them so as to eliminate possible evidence. Thus anti-forensic techniques pose a disruptive challenge for investigators. In this paper we discuss recent trends in the field of artifacts collection and highlight some challenges that have made finding and collecting forensics artifacts a very hard job. We examine whether it is possible for a forensics investigator to rely on the old traditional approach or not. Furthermore, in conclusion we suggest possible solutions and new areas where we can find evidence.

Deepak Gupta, Babu M. Mehtre

Service Dependencies-Aware Policy Enforcement Framework Based on Hierarchical Colored Petri Net

As computer and network security threats become more sophisticated and the number of service dependencies is increasing, optimal response decision is becoming a challenging task for security administrators. They should deploy and implement proper network security policy enforcement mechanisms in order to apply the appropriate countermeasures and defense strategy.

In this paper, we propose a novel modeling framework which considers the service dependencies while identifying and selecting the appropriate Policy Enforcement Points during an intrusion response process. First, we present the security implications of the service dependencies that have been developed in the literature. Second, we give an overview of Colored Petri Nets (CPN) and Hierarchical CPN (HCPN) and its application on network security. Third, we specify our Service Dependencies-aware Policy Enforcement Framework which is based on the application of HCPN. Finally and to illustrate the advantage of our approach, we present a webmail application use case with the integration of different Policy Enforcement Points.

Yosra Ben Mustapha, Hervé Debar

Monitoring Information Leakage in a Web Browser

This paper outlines the potential problem of information leakage between programs running inside a web browser. A program to which user’s information is voluntarily provided can leak it to other malicious programs; likewise, a program may steal information from another program. A number of ways through which such leakage may take place using the operating system’s inter process communication mechanism is listed. The proposed solution includes a ’controller’ that monitors all processes running in a browser for their access to the kernel’s services through system calls, intercepts and thwarts an attempt at communication with another process.

Nemisha Sharma, Swati Kare, Sanket Chichani, Vidhi Naredi, Jyoti Nandimath, Arun Mishra, Arati Dixit

Securing Biometric Data with Visual Cryptography and Steganography

Visual cryptography is the technique used to encrypt data which is in the form of visual information such as images. Since the biometric templates stored in the database are usually in the form of images, visual cryptography can be efficiently employed to encrypt the templates from attacks. The technique of steganography is used in combination with visual cryptography for imparting additional security to biometric data. The biometric information such as the private face image is decomposed into two shares and stored in separate database tables such that the private image can be revealed only when both shares are simultaneously available. Each individual share is covered with a different image which is selected from a public host image database. LSB steganography is applied to keep the user name and password hidden inside the final shares of the visual cryptographic phase, thereby providing a mutually interconnected security mechanism.

Deepak Aeloor, Amrita A. Manjrekar

Forensics Analysis of Sandboxie Artifacts

SandBox is an isolated environment nowadays being used as an anti-forensics tool by many (criminals) to perform malicious activity. The paper investigates the effectiveness of the sandbox environment in a widely used tool named Sandboxie, and outlines how to perform an investigation when this tool is used to perform a criminal or illegal act. For the purpose of experimental investigation we have considered two test cases and several scenarios. In the first case we assumed that the user simply used Sandboxie and terminated it, while in the second case we assumed the user also deleted the Sandboxie contents after using it. In this investigation process, first the common places where evidence is usually found in general scenarios are examined, and then other locations on the local machine are examined using special forensics tools. Also the main/physical memory (RAM) is captured and examined for traces. Through these experiments we showed that no trails could be found in common places for any activity if a user deletes his Sandboxie content. However, complete isolation does not occur and some traces can be found in the main memory (RAM) as well as in unallocated clusters on the disks. This is valuable evidence for a digital investigator.

Deepak Gupta, B. M. Mehtre

An Improved Secure Communication Scheme Using Adaptive Parameter Synchronization

An improved secure communication scheme based on adaptive parameter synchronization of the Rossler systems is proposed. Some additive parameters are introduced, which are used for chaos shift keying. It is shown that the synchronization time scale can be made much smaller than the chaotic oscillation time scale of the transmitting oscillator. The advantages of a communication scheme based on this rapid synchronization are analytic simplicity, rapid parameter convergence leading to greater speed of communication, avoidance of chaotic fluctuations in the parameters before convergence, and enhanced security. These advantages are demonstrated by comparison with a similar communication scheme having synchronization time greater than the chaotic oscillation time scale.

Arti Dwivedi, Ashok K. Mittal, Suneet Dwivedi

A Side View Based Video in Video Watermarking Using DWT and Hilbert Transform

In this paper, an efficient side view based video in video watermarking technique using DWT and Hilbert transform has been proposed. First, convert the cover video to side-view video using pre-processing steps. This pre-processing helps to switch the frames video references with dimensions equivalent to the number of frames like width and the same height than the original video. The proposed algorithm is a non-blind watermarking algorithm, meaning that the receiver needs the original host data in order to extract the watermark from the received watermarked video. The experimental result shows that the algorithm runs with good imperceptibility levels, with an average PSNR value of 42. It is also robust against most attacks, such as image processing, geometrical and video processing attacks, when compared to the existing video watermarking techniques.

Loganathan Agilandeeswari, K. Ganesan, K. Muralibabu

Malware Detection Using API Function Frequency with Ensemble Based Classifier

Malicious code, known as malware, when executed can steal information, damage the system or may cause unavailability of system resources. In order to safeguard information systems from malware, effective detection of malware is a top priority task. Malware exhibits malicious behaviors like connecting to a remote host, downloading a file from a remote host, creating a file in a system directory etc. These behaviors can be mapped to functions used by malicious files which are imported from the system's dynamic link libraries, i.e. Application Programming Interface (API) functions. Hence, we propose a technique to detect malware using API function frequency as the feature vector for classifying a malicious file. We use an ensemble based classifier for classification, as it is proven to be a stable and robust classification technique. Experiments are conducted over 200 files and the technique classified malicious files effectively. Bagging used in the ensemble classifier provides better results as compared to ensemble boosting. Comparison with other known techniques is also listed.

Pratiksha Natani, Deepti Vidyarthi

Privacy Issues in Single and Multi–hop Wireless Mesh Network

Wireless mesh networks (WMN) provide fine solutions for commercial, personal and corporate purposes since they are self-configuring, instantly deployable and low-cost. A mesh network utilizes the open medium property of the wireless channel and has a fixed topology and limited network size, and thus it is prone to attacks. Wireless network security protocols are easily prone to attacks such as brute-force attacks in the case of Wired Equivalent Privacy (WEP) and to some extent Wi-Fi Protected Access (WPA) as well. We are designing a layered encryption technique referred to as Onion that will make it more secure against global adversary attacks.

Sagar Kakade, Ravi Sawant, Deepak C. Karia

Scalable Key Transport Protocol Using Chinese Remainder Theorem

In any conditional access system, the broadcast content is encrypted with the secret key to protect it from unauthorized users. The secret key is shared by the server and an authorized user, and a key transport protocol is used to transfer the secret key securely to these users. In this paper we introduce a scalable key transport protocol based on the Chinese remainder theorem for single as well as multiple access control. In this protocol, the user or user device has to carry only two keys. To decode the broadcast message, only one modular division and one decryption are sufficient. The main advantage of our scheme is that a server can update the scrambling key or group key in one message, without changing the user's key. The proposed protocol is scalable and it can be used for multiple access control, which is useful in Pay TV, without increasing communication and computation overhead on the user as well as the server.

Manisha Y. Joshi, R. S. Bichkar

Backmatter
