Craig Valli
Edith Cowan University
Publication
Featured research published by Craig Valli.
The Journal of Digital Forensics, Security and Law | 2006
Andrew Jones; Craig Valli; Glenn S. Dardick; Iain Sutherland
All organisations, whether in the public or private sector, increasingly use computers and other devices that contain computer hard disks for the storage and processing of information relating to their business, their employees or their customers. Individual home users also increasingly use computers and other devices containing computer hard disks for the storage and processing of information relating to their private, personal affairs. It continues to be clear that the majority of organisations and individual home users still remain ignorant or misinformed of the volume and type of information that is stored on the hard disks that these devices contain and have not considered, or are unaware of, the potential impact of this information becoming available to their competitors or to people with criminal intent. This is the third study in an ongoing research effort that is being conducted into the volume and type of information that remains on computer hard disks offered for sale on the second hand market. The purpose of the research has been to gain an understanding of the information that remains on the disk and to determine the level of damage that could potentially be caused if the information fell into the wrong hands. The study examines disks that have been obtained in a number of countries to determine whether there is any detectable national or regional variance in the way that the disposal of computer disks is addressed and to compare the results for any other detectable regional or temporal trends.
The Journal of Digital Forensics, Security and Law | 2010
Murray Brand; Craig Valli; Andrew Woodward
Malicious software (malware) has a wide variety of analysis avoidance techniques that it can employ to hinder forensic analysis. Although legitimate software can incorporate the same analysis avoidance techniques to provide a measure of protection against reverse engineering and to protect intellectual property, malware invariably makes much greater use of such techniques to make detailed analysis labour intensive and very time consuming. Analysis avoidance techniques are so heavily used by malware that the detection of the use of analysis avoidance techniques could be a very good indicator of the presence of malicious intent. However, there is a tendency for analysis tools to focus on hiding the presence of the tool itself from being detected by the malware, and not on recording the detection and recording of analysis avoidance techniques. In addition, the coverage of anti-anti-analysis techniques in common tools and plugins is much less than the number of analysis avoidance techniques that exist. The purpose of this paper is to suggest that the discovery of the intent of deception may be a very good indicator of an underlying malicious objective of the software under investigation.
International Journal of Information and Computer Security | 2007
Craig Valli
Honeypot technologies are proving successful in mitigating against external attackers and there is significant literature for their deployment and development as external facing countermeasures. Very little research has been done on their suitability or adaptability as an internally deployed countermeasure. This paper explores issues with the deployment and design of honeypot technologies as an internal countermeasure to insider malfeasance.
CSS'12 Proceedings of the 4th international conference on Cyberspace Safety and Security | 2012
Craig Valli
Honeypots are a proven technology for network defence and forensics. This paper focuses on attacks directed to network devices that utilise SSH services. The research uses the SSH honeypot Kippo to gather data about attacks on the SSH service. Kippo uses Python and SSL to generate mock SSH services and also provides a filesystem honeypot for attackers to interact with. The preliminary research has found that attacks of this type are manifest, have a variety of profiles and may be launched from a variety of platforms.
The Journal of Digital Forensics, Security and Law | 2009
Patryk Szewczyk; Craig Valli
Because of prevalent threats to SoHo based ADSL Routers, many more devices are compromised. Whilst an end-user may be at fault for not applying the appropriate security mechanisms to counter these threats, vendors should equally share the blame. This paper reveals that the lack of security related content and poor overall design could impact on end-users’ interpretation and willingness to implement security controls on their ADSL router. It argues that whilst the number of threats circulating the Internet is increasing, vendors are not improving their product literature.
Internet Research | 2004
Craig Valli
This paper is an outline of findings from a research project investigating the non‐business use of the World Wide Web in organisations. The study uncovered high non‐business usage in the selected organisations. Pornography and other traditionally identified risks were found to be largely non‐issues. MP3 and other streaming media and potential copyright infringement were found to be problematic. All organisations had end‐users displaying behaviours indicating significant, deliberate misuse that often used a variety of covert techniques to hide their actions.
Network and System Security | 2010
Patryk Szewczyk; Craig Valli
The paper examines the advice and support provided by seven major Internet Service Providers in Australia through late 2009 and early 2010 in relation to computer and network security. Previous research has indicated that many end-users will attempt to utilise the support provided by Internet Service Providers as a simple and effective method by which to obtain key information in regards to computer security. This paper demonstrates that in many cases the individuals working at the help desk are either reluctant to provide IT security support or have insufficient skill to provide the correct information.
Pattern Recognition | 2018
Wencheng Yang; Song Wang; Jiankun Hu; Guanglou Zheng; Craig Valli
Fingerprint and finger-vein based cancelable multi-biometric template design. Flexible feature-level fusion strategy with three fusion options. Enhanced partial discrete Fourier transform based non-invertible transformation. High-performing cancelable multi-biometric templates with strong security. Compared to uni-biometric systems, multi-biometric systems, which fuse multiple biometric features, can improve recognition accuracy and security. However, due to the challenging issues such as feature fusion and biometric template security, there is little research on cancelable multi-biometric systems. In this paper, we propose a fingerprint and finger-vein based cancelable multi-biometric system, which provides template protection and revocability. The proposed multi-biometric system combines the minutia-based fingerprint feature set and image-based finger-vein feature set. We develop a feature-level fusion strategy with three fusion options. Matching performance and security strength using these different fusion options are thoroughly evaluated and analyzed. Moreover, compared with the original partial discrete Fourier transform (P-DFT), security of the proposed multi-biometric system is strengthened, thanks to the enhanced partial discrete Fourier transform (EP-DFT) based non-invertible transformation.
IEEE Transactions on Information Forensics and Security | 2016
Maxim Chernyshev; Craig Valli; Peter Hannay
The 802.11 active service discovery mechanism requires the transmission of various attributes in a plain text. These attributes can be collected using passive monitoring and can be used to enumerate the preferred network list (PNL) of client devices. In this paper, we focus on the information that can be obtained using the service set identifiers (SSIDs) that make up the PNL. First, we describe a simple model based on a wireless access point geolocation technique to gauge the potential device locatability using data available on WiGLE.net. Second, we look at additional information that can be extracted from the SSID strings. Our hypothesis is that the entities of potential interest, such as locations and personal names contained within SSIDs, can be recognized in an automated fashion. Using two freely available pretrained named entity recognizers, we were able to identify up to 49% of SSIDs as possibly carrying entities of interest based on multiple data sets. We also show that extracted attributes can be used as an inference basis for additional inference attacks, which presents further opportunities in forensic and intelligence contexts.
International Conference on Information Systems Security | 2017
Matthew Peacock; Michael N. Johnstone; Craig Valli
Building automation systems, or building management systems, control services such as heating, air conditioning and security access in facilities. A common protocol used to transmit data regarding the status of components is BACnet. Unfortunately, whilst security is included in the BACnet standard, it is rarely implemented by vendors of building automation systems. This lack of attention to security can lead to vulnerabilities in the protocol being exploited with the result that the systems and the buildings they control can be compromised. This paper describes a proof-of-concept protocol attack on a BACnet system and examines the potential of modeling the basis of the attack.