Michael Losavio

Cyber security challenges in Smart Cities: Safety, security and privacy

The world is experiencing an evolution of Smart Cities. These emerge from innovations in information technology that, while they create new economic and social opportunities, pose challenges to our security and expectations of privacy. Humans are already interconnected via smart phones and gadgets. Smart energy meters, security devices and smart appliances are being used in many cities. Homes, cars, public venues and other social systems are now on their path to the full connectivity known as the “Internet of Things.” Standards are evolving for all of these potentially connected systems. They will lead to unprecedented improvements in the quality of life. To benefit from them, city infrastructures and services are changing with new interconnected systems for monitoring, control and automation. Intelligent transportation, public and private, will access a web of interconnected data from GPS location to weather and traffic updates. Integrated systems will aid public safety, emergency responders and in disaster recovery. We examine two important and entangled challenges: security and privacy. Security includes illegal access to information and attacks causing physical disruptions in service availability. As digital citizens are more and more instrumented with data available about their location and activities, privacy seems to disappear. Privacy protecting systems that gather data and trigger emergency response when needed are technological challenges that go hand-in-hand with the continuous security challenges. Their implementation is essential for a Smart City in which we would wish to live. We also present a model representing the interactions between person, servers and things. Those are the major element in the Smart City and their interactions are what we need to protect.

Gap Analysis: Judicial Experience and Perception of Electronic Evidence

ABSTRACT A gap exists where digital forensics bridges computer science and judicial process. Whatever the results of digital forensics analysis, the analyst must be prepared to present and defend that analysis in court. A survey of state general jurisdiction judges found that most had little or no electronic evidence tendered in their cases, those that did saw few challenges to that electronic evidence and most expected to see the use of such evidence increase in the coming years. But most judges had little or minimal training in handling electronic evidence and most desired moderate or extensive training in this area. This gap in experience and training with digital forensics must be addressed to maintain the legitimacy and effectiveness of the discipline.

Prevalence, Use, and Evidentiary Issues of Digital Evidence of Cellular Telephone Consumer and Small-Scale Digital Devices

ABSTRACT Digital systems are found in a number of casual consumer tools, including cellular telephones. Their prevalence in society is matched by a growing presence as evidence in civil and criminal court cases. The current survey research suggests that cell phones and their potential evidence may be found in over half of all violent crime and even more substantially in drug crimes in some jurisdiction. The police commander respondents to this survey reported that cell phones had been used as evidence via lay testimony and expert analysis in their jurisdictions. Such evidence may face increasing judicial challenges in the future as the specialized nature of the analysis, even with commercially available, easy-to-use practices, goes “well beyond that of the average layperson.” Digital forensics analysts must be prepared to provide both proper lay testimony on cell phones as well as details and justifications for their own tools, techniques, and qualifications as required by Daubert and Federal Rule of Evid...

Node-Based Probing and Monitoring to Investigate Use of Peer-to-Peer Technologies for Distribution of Contraband Material

We consider the requirements for node-based probing and monitoring for network forensic investigation of the use of peer-to-peer technologies for distribution of contraband material. The architecture of peer-to-peer (P2P) data exchanges must be examined for opportunities to capture data on the transfer of contraband data with a focus on node structures in P2P exchanges. This examination is of technical, social and legal aspects of P2P use leading to the design and testing offorensically-sound investigative tools and protocols. Computational research must examine: 1. Undercover Node-based Probing and Monitoring to Build an Approximate Model of Network Activity 2. Flagging Contraband Content (keyword, hashes, other patterns) 3. Evaluation against different recipient querying, distribution and routing cases 4. Using the Evaluation results to fine-tune the node positioning strategy Legal and social research is needed to examine the U.S. and transnational legal constraints on the use of particular tools and the presence of possible behavioral signatures.

The law of possession of digital objects: dominion and control issues for digital forensics investigations and prosecutions

The possession of digital objects defines rights and liabilities of the possessor. The nature of digital data, networked systems and data security suggest review of the fundamental concept as applied to digital objects. Possession of digital objects may be separate and distinct from physical possession of storage media and systems. Failure to address this risks error based on misleading evidence as to possession.

Why digital forensics is not a profession and how it can become one

ABSTRACT Digital forensics (DF) has existed since the 1970s when industry and government first began developing tools to investigate end users engaging in Web-enabled financial fraud. Over the next 40 years, DF evolved until, in 2010, the National Research Council ‘officially’ recognized DF as a forensic discipline. Over its evolution, DF developed some of the traits of a profession, which sociologists suggest include the following: (1) specialized knowledge; (2) specialized training; (3) work that is of great value; (4) credat emptor (‘let the buyer trust’) relations with clients; (5) a code of professional ethics; (6) cooperative relations with other members; (7) high levels of autonomy; and (8) self-regulation. This paper reviews the development of DF and argues that despite making strides, DF has not yet achieved the status of a profession as described by social scientists, and that it will not achieve that status until it remedies several deficiencies and addresses impediments preventing it from attaining that status, including the perceived low social status of the field’s clientele and an inability of the field to convince the public it occupies a unique place within the larger division of labor in society.

Challenge--Construction of an Adequate Digital Forensics Testbed

The challenge - what is an adequate laboratory specification for emulating network attacks and experimenting with network forensics, other digital forensics techniques and social behavioral traits? Could published specifications for different scales of research assist in research development? Is the specification described here adequate for research purposes? What additional considerations are needed for simulating network attacks and validating forensic tools?

Non-Technical Manipulation of Digital Data

This paper investigates basic issues related to the use of digital evidence in courts. In particular, it analyzes the basic legal test of authenticity of evidence with respect to an e-mail tool that can be used to manipulate evidence. The paper also examines the experiences and perceptions of U.S. state judicial officers regarding digital evidence, and reviews case law on how such evidence might be tested in the courts. Finally, it considers ethical and social issues raised by digital evidence and the mitigation of problems related to digital evidence.

The legal/juridical space of computer games: From intellectual property to intellectual freedom

Computer games may seem mere entertainments, but they are a multi-billion dollar global business of multi-media stories that, beyond entertainment, teach, edify and offend. As with their predecessors - stories, poetry, song, books, cinema and video - the art, politics and business of their creation and commerce have substantial impact in the modern world. In response, the laws of modernity impact computer games. We examine how computer gaming is engaged in the transnational legal regime of intellectual property, personal and state rights and intellectual freedom.

Does Profiling Make Us More Secure

“Profiling” means making predictions about likely user behavior based on collected characteristics and activities. Shari Lawrence Pfleeger and Marc Rogers brought together a group of researchers from a variety of disciplines to discuss whether profiling and prediction actually make us secure.