Ameer Al-Nemrat

Fast authentication in wireless sensor networks

Broadcast authentication is a fundamental security service in wireless sensor networks (WSNs). Although symmetric-key-based µ TESLA -like schemes were employed due to their energy efficiency, they all suffer from DoS attacks resulting from the nature of delayed message authentication. Recently, several public-key-based schemes were proposed to achieve immediate broadcast authentication that may significantly improve security strength. However, while the public-key-based schemes obviate the security vulnerability inherent to symmetric-key-based µ TESLA -like schemes, their signature verification is time-consuming. Thus, speeding up signature verification is a problem of considerable practical importance, especially in resource-constrained environments. This paper exploits the cooperation among sensor nodes to accelerate the signature verification of vBNN-IBS, a pairing-free identity-based signature with reduced signature size. We demonstrate through on extensive performance evaluation study that the accelerated vBNN-IBS achieves the longest network lifetime compared to both the traditional vBNN-IBS and the accelerated ECDSA schemes. The accelerated vBNN-IBS runs 66 % faster than the traditional signature verification method. Results from theoretical analysis, simulation, and real-world experimentation on a MICAz platform are provided to validate our claims. Exploit the cooperation between nodes to accelerate the signature verification.The accelerated scheme allows a longer network lifetime.The new scheme saves up to 45% of the energy drained during the verification.The accelerated scheme runs 66% faster than the traditional signature verification.Theoretical analysis, simulation, and real-world experimentation were conducted.

Sufficiency of Windows Event log as Evidence in Digital Forensics

The prevalence of computer and the internet has brought forth the increasing spate of cybercrime activities; hence the need for evidence to attribute a crime to a suspect. The research therefore, centres on evidence, the legal standards applied to digital evidence presented in court and the main sources of evidence in the Windows OS, such as the Registry, slack space and the Windows event log. In order to achieve the main aim of this research, cybercrime activities such as automated password guessing attack and hacking was emulated on to a Windows OS within a virtual network environment set up using VMware workstation. After the attack the event logs on the victim system was analysed and assessed for its admissibility (evidence must conform to certain legal rules), and weight (evidence must convince the court that the accused committed the crime).

Analyzing Human Factors for an Effective Information Security Management System

Managing security is essential for organizations doing business in a globally networked environment and for organizations that are at the same time seeking to achieve their missions and goals. However, numerous technical advancements do not always produce a more secure environment. All kinds of human factors can deeply affect the management of security in an organizational context. Therefore, security is not solely a technical problem; rather, the authors need to understand human factors, which need adequate attention to achieve an effective information security management system practice. This paper identifies direct and indirect human factors that have impact on information security. These factors were analyzed through the study of two security incidents of the UK’s financial organizations using the SWOT (Strength, Weaknesses, Opportunities, and Threats) technique. The study’s results show that human factors are the main causes for these security incidents. Factors such as training, awareness, and security culture influence organizational strength and opportunity relating to information security. People’s irrational behavior and errors are the main weaknesses highlighted in security incidents, which pose threats such as poor reputation and high costs. Reza Alavi University of East London, UK Shareeful Islam University of East London, UK Hamid Jahankhani University of East London, UK Ameer Al-Nemrat University of East London, UK

Supporting LTE Networks in Heterogeneous Environment Using the Y-Comm Framework

There are two trends in the research to develop future networks. While the first aims to introduce new technologies such as the Long Term Evolution (LTE) and WiMAX with high-speed data. The second aimed at providing clients with a ubiquitous connectivity via proposing new communication architectures to integrate different networking technologies and enabling mobile devices to switch seamlessly between them. Examples of such architectures are Y-Comm, Mobile Ethernet and IEEE 802.21. In this paper we will show how these research trends could be integrated. This is achieved by discussing how future communication frameworks like Y-Comm could fulfil the requirements and provide the functionalities of newly introduced technologies such as UMTS and LTE networks.

ARP Cache Poisoning Mitigation and Forensics Investigation

Address Resolution Protocol (ARP) cache spoofing or poisoning is an OSI layer 2 attack that exploits the statelessness vulnerability of the protocol to make network hosts susceptible to issues such as Man in the Middle attack, host impersonation, Denial of Service (DoS) and session hijacking. In this paper, a quantitative research approach is used to propose forensic tools for capturing evidences and mitigating ARP cache poisoning. The baseline approach is adopted to validate the proposed tools. The evidences captured before attack are compared against evidences captured when the network is under attack in order to ascertain the validity of the proposed tools in capturing ARP cache spoofing evidences. To mitigate the ARP poisoning attack, the security features DHCP Snooping and Dynamic ARP Inspection (DAI) are enabled and configured on a Cisco switch. The experimentation results showed the effectiveness of the proposed mitigation technique.

Securing address registration in location/ID split protocol using ID-based cryptography

The Locator/ID Separation Protocol (LISP) is a routing architecture that provides new semantics for IP addressing. In order to simplify routing operations and improve scalability in future Internet, the LISP separates the device identity from its location using two different numbering spaces. The LISP also, introduces a mapping system to match the two spaces. In the initial stage, each LISP-capable router needs to register with a Map Server, this is known as the Registration stage. However, this stage is vulnerable to masquerading and content poisoning attacks. Therefore, a new security method for protecting the LISP Registration stage is presented in this paper. The proposed method uses the ID-Based Cryptography (IBC) which allows the mapping system to authenticate the source of the data. The proposal has been verified using formal methods approach based on the well-developed Casper/FDR tool.

Malicious Code Detection Using Penalized Splines on OPcode Frequency

Recently, malicious software are gaining exponential growth due to the innumerable obfuscations of extended x86 IA-32 (OPcodes) that are being employed to evade from traditional detection methods. In this paper, we design a novel distinguisher to separate malware from benign that combines Multivariate Logistic Regression model using kernel HS in Penalized Splines along with OPcode frequency feature selection technique for efficiently detecting obfuscated malware. The main advantage of our penalized splines based feature selection technique is its performance capability achieved through the efficient filtering and identification of the most important OPcodes used in the obfuscation of malware. This is demonstrated through our successful implementation and experimental results of our proposed model on large malware datasets. The presented approach is effective at identifying previously examined malware and non-malware to assist in reverse engineering.

Cybercrime Victimisations/Criminalisation and Punishment

With the increased of use of the internet as a means of sharing information, the need to protect and preserve the confidentiality and integrity of data is ever more evident. The digital age provides not only established criminals with new ways of committing, but also has empowered previously non deviant individuals, into new cyber criminal behaviour. Many individuals are unaware of online threats and many fail to take advantage of precautionary measures to protect themselves from risks when they are online. Therefore, individuals consistently underestimate their risk of becoming victims or underestimate the punishment that may face if they are engaged on online deviant behaviour. This ongoing research has found that there is a relationship between individual’s perception of cybercrime law and cybercrime victimisation and/or criminalisation.

Global E-Security

Today our commonwealth is protected by firewalls rather than firepower. This is an issue of global importance as new technology has provided a world of opportunity for criminals. As a consequence law enforcement agencies all over the world are struggling to cope. Therefore, today’s top priority is to use computer technology to fight computer crime.

Analysis of firewall log-based detection scenarios for evidence in digital forensics

With the recent escalating rise in cybercrime, firewall logs have attained much research focus in assessing their capability to serve as excellent evidence in digital forensics. Even though the main aim of firewalls is to screen or filter part or all network traffic, firewall logs could provide rich traffic information that could be used as evidence to prove or disprove the occurrence of online attack events for legal purposes. Since courts have a definition of what could be presented to it as evidence, this research investigates on the determinants for the acceptability of firewall logs as suitable evidence. Two commonly used determinants are tested using three different firewall-protected network scenarios. These determinants are: 1) admissibility that requires the evidence to satisfy certain legal requirements stipulated by the courts; 2) weight that represents the sufficiency and extent to which the evidence convinces the establishment of cybercrime attack.