EC2ND 2006 (eBook)
VIII, 125 pages
Springer London (publisher)
978-1-84628-750-3 (ISBN)
This book contains the proceedings of the Second European Conference on Computer Network Defence, which took place in December 2006. The conference focused on the protection of computer networks and attracted participants from national and international organisations. The papers collected in this book include contributions from leading figures in the field and are a valuable source of reference for both researchers and practitioners.
This book contains the proceedings of the Second European Conference on Computer Network Defence that took place in December 2006 at the Faculty of Advanced Technology, University of Glamorgan, in the UK.
The theme of the conference was the protection of computer networks, with contributions from both national and international participants reporting on research developments, as well as providing valuable insights in this area.
The book also incorporates the proceedings of the First Annual Workshop on Digital Forensics and Incident Analysis (WDFIA 2006), held in conjunction with EC2ND 2006.
Topics and issues discussed include: Computer Network Operations; Computer Network Attack; Network Application Security; Network Forensics; Web Security; Vulnerability Management and Tracking; Network Defence; Wireless and Mobile Security; Cryptography; Network Discovery and Mapping; Network Security; Intrusion Detection Systems; Incident Response and Management; Computer Forensics Practice; Malicious Software Analysis; Network Architectures and Management; Legal and Ethical Issues.
The papers presented include contributions from leading figures in the fields of network security and computer forensics, and are a valuable source of reference for both researchers and practitioners.
Title Page
Copyright page
Dear Delegates
Table of Contents
Section I: Computer Network Defence
Efficient Sampling of the Structure of Crypto Generators' State Transition Graphs
1 Introduction
2 Relevant Facts and Previous Work
3 Efficient Sampling
4 Experimental Results
4.1 Performance Results
4.2 Generator Properties
5 Conclusions and Future Work
References
Mandatory Access Control applications to web hosting
1. Introduction
2. Hosting: security and performance issues
2.1. Virtual hosting of dynamic sites with Apache
2.1.1. CGI performance and security issues
2.1.2. Server-side scripting performance and security issues
2.2. PHP and suPHP
3. Security-enhanced suPHP
3.1. SELinux basic concepts
3.2. Design of base policies for domain operation
3.3. Module-invoked domain transition
3.4. Wrapper-invoked domain transition
3.5. Policy-driven domain transition
4. Implementation
4.1. Configuration notes
4.2 Performance evaluation
5. Conclusions
References
Outsourcing Security Services for Low Performance Portable Devices
1 Introduction
2 Architecture of the security proxy
3 Outsourced authentication
4 Routing issues
5 Security Proxy Control Protocol
5.1 Communication between the portable device and the security proxy
5.2 Communication between the security proxy and the router
5.3 Example: establishing an IPSec session
6 Security issues
7 Results
8 Summary
9 Acknowledgements
References
Public Verifiable Multi-sender Identity Based Threshold Signcryption
1 Introduction
1.1 Threshold Cryptography
1.2 Identity Based Signcryption with Public Verifiability
1.3 Related works and Our Contributions
2 Preliminaries
2.1 Pairings and Quadratic Residue
2.2 Protocol Emulation
3 Multi-sender Threshold Signcryption Model and Security Requirements
3.1 System Model
3.2 Security Requirements
4 The Proposed Original Signcryption
5 The Proposed Threshold Signcryption
6 Efficiency Analysis
7 Security Proofs
7.1 The Security of the Original Signcryption
7.2 The Security of the Threshold Signcryption
8 Conclusion
References
A Discussion on the Role of Deception in Information Operations for the Defence of Computer Networks
1. Introduction
2. Elements of Deception in Conventional Warfare and Information Operations
3. Towards the Integration of Deception in Computer Networks
4. Conclusions
References
A New Approach to Understanding Information Assurance
1 Introduction
2 The Meaning of Security
3 Understanding Security Requirements
4 Business Impact versus Security
4.1 Product Assurance
4.2 Service Assurance
4.3 System Assurance
4.4 System Configuration Test
4.5 Compliance Process
4.6 Crypto Assurance
4.7 Protective Marking
5 Conclusion
6 Acknowledgements
7 References
Robust Public Key Cryptography - A New Cryptosystem Surviving Private Key Compromise
1. Introduction
2. Robust Public Key Cryptography
3. Blind Key Algorithm
4. Proving N=M
5. Breaking the Security
6. Conclusion
References
Section II: Digital Forensics & Incident Analysis
Review of Forensic Tools for Smartphones
1. Introduction
2. Generic Smart Phone overview
2.1. Removable media
2.2. The Subscriber Identity Module (SIM) Types
2.3. SIM Card Contents
3. Forensic Tools
3.1 Handset Based Tools
3.2 OS Based Tools
3.3 SIM Based Tools
3.4. SIM Contents Recovery
3.5. Review of flaws and weaknesses
3.5.1 GSM SIM Requirement Bypass Mechanism
3.5.2 User Login
3.5.3. Reports
3.5.4. Viewing and Antivirus
3.5.5. Hardware Standardization
3.5.6. Timeline
3.5.7. Password Recovery
Conclusions
References
Oscar - Using Byte Pairs to Find File Type and Camera Make of Data Fragments
1 Introduction
2 Method
2.1 2-gram Oscar
2.2 Advantages and Disadvantages
3 Evaluation
3.1 File type identification
3.2 Camera recognition
4 Result and Discussion
4.1 File type identification
4.2 Camera recognition
4.3 Discussion
5 Related Work
6 Conclusion and Future Work
References
An empirical methodology derived from the analysis of information remaining on second hand hard disks.
1 Introduction
2 Forensic Race
3 A proposal for an empirical approach
3.1 Further details about the methodology
4 Advantages of the proposed methodology
4.1 Providing some examples
5 Conclusions
5.1 Acknowledgements
References
Towards Trustable Digital Evidence with PKIDEV: PKI Based Digital Evidence Verification Model
1 Introduction
2 Challenges
3 Shortcomings of Digital Signatures and PKI
4 Related Work
5 PKIDEV Model
5.1 Components of the Model
5.2 How PKIDEV Model Works
6 Benefits of the Model
7 Conclusion and Future Work
References
Professionalism in Computer Forensics
1. Introduction
2. Professionalism in Computing
3. Positioning Computer Forensics
4. Professional Issues in Computer Forensics
5. Certification in Computer Forensics
6. Continuous Professional Conduct
7. Consideration of Post Traumatic Stress Disorder
8. Practitioner Framework for Professionalism in Computer Forensics
9. What can Universities do?
10. Future Development
11. Summary
References
"A New Approach to Understanding Information Assurance (p. 53-54)
Abstract: The growth of technologies such as ubiquitous and mobile computing has resulted in the need for a rethinking of the security paradigm. Over the past forty years technology has made fast steps forward, yet most organisations still view security in terms of Confidentiality, Integrity and Availability (CIA). This model of security has expanded to include Non-Repudiation and Authentication. However, this thinking fails to address the social, ethical and business requirements that the modern use of computing has generated.
Today computing devices are integrated into every facet of business, with the result that security technologies have struggled to keep pace with the rate of change. In this paper we will argue that the current view that most organisations/stakeholders have of security is out-of-date, or in some cases wrong, and that the new view of security needs to be rooted in business impact and business function.
1 Introduction
The growth of technologies related to remote/distance working has led to the creation of ubiquitous computing and the GRID. GRID and ubiquitous computing function by distributing the processes and storage capacity across a network. This move towards distributed computing has pushed organisations towards the use of shared resources and shared infrastructure. This drive towards co-operative working and resource/infrastructure sharing has resulted in the need to re-think and re-assess the meaning of terms like information assurance, threat and risk management.
2 The Meaning of Security
Before the advent of the personal computer, if you wanted to use a computer then you had to make use of a main-frame. These were large computers that were housed in large computer rooms, and cost millions of dollars. The rainbow book series was a series of books that came out of the US Department of Defense.
The Orange book attempted to provide a semantic interpretation of security. It achieved this through the imposition of an ontological framework that allows us to structure and formally represent our understanding of security. This ontological framework views security from a technical/mathematical perspective and led to the creation of the Bell-LaPadula module of security [5].
Later standards such as ITSEC and Common-Criteria have moved towards a more function descriptive view of security that is cognizant of the growth of personal computing devices. While other standards such as BS7799 and ISO-27001 [2] have attempted to approach security from a business perspective. However, all of these standards start from an assumption that the stakeholder who owns the security problem is fully aware of what their security requirements are, and thus is fully able to articulate them. In this paper we will present a new meaning of security based upon the concept of business impact upon a set of seven assurance requirements. The term business impact is defined as follows:
"The result of an information security incident on business functions and the effect that a business interruption might have upon them.""
Publication date (per publisher) | 17.5.2010 |
---|---|
Additional info | VIII, 125 p. |
Place of publication | London |
Language | English |
Subject area | Computer Science ► Networks ► Security / Firewall |
Computer Science ► Other Topics ► Hardware | |
Law / Taxes ► General / Reference Works | |
Business ► Business Administration / Management ► Business Informatics | |
Keywords | Architecture • Computer law • EC2ND • Internet • Network Defence • Network Security • organization • security |
ISBN-10 | 1-84628-750-2 / 1846287502 |
ISBN-13 | 978-1-84628-750-3 / 9781846287503 |
Size: 12.0 MB
DRM: Digital watermark
This eBook contains a digital watermark and is thereby personalised for you. If the eBook is improperly passed on to third parties, it can be traced back to the source.
File format: PDF (Portable Document Format)
With its fixed page layout, PDF is particularly suitable for technical books with columns, tables and figures. A PDF can be displayed on almost all devices, but is only of limited suitability for small displays (smartphone, eReader).
System requirements:
PC/Mac: You can read this eBook on a PC or Mac. You need a PDF viewer for this, e.g. Adobe Reader or Adobe Digital Editions.
eReader: This eBook can be read with (almost) all eBook readers. However, it is not compatible with the Amazon Kindle.
Smartphone/Tablet: Whether Apple or Android, you can read this eBook. You need a PDF viewer for this, e.g. the free Adobe Digital Editions app.
Additional feature: Read online
In addition to downloading, you can also read this eBook online in your web browser.