Publication


Featured research published by Nurul Hidayah Ab Rahman.


Computers & Security | 2015

A survey of information security incident handling in the cloud

Nurul Hidayah Ab Rahman; Kim-Kwang Raymond Choo

Incident handling strategy is one key strategy to mitigate risks to the confidentiality, integrity and availability (CIA) of organisation assets, as well as minimising loss (e.g. financial, reputational and legal) particularly as organisations move to the cloud. In this paper, we surveyed existing incident handling and digital forensic literature with the aims of contributing to the knowledge gap(s) in handling incidents in the cloud environment. 139 English language publications between January 2009 and May 2014 were located by searching various sources including the websites of standard bodies (e.g. National Institute of Standards and Technology) and academic databases (e.g. Google Scholar, IEEEXplore, ACM Digital Library, Springer and ScienceDirect). We then propose a conceptual cloud incident handling model that brings together incident handling, digital forensic and the Capability Maturity Model for Services to more effectively handle incidents for organisations using the cloud. A discussion of open research issues concludes this survey.

Survey of incident handling strategy and standards. Cloud security incident handling strategy. The role of digital forensics in incident handling. A conceptual cloud incident handling model. Research trends and future research directions.


IEEE Cloud Computing | 2016

Forensic-by-Design Framework for Cyber-Physical Cloud Systems

Nurul Hidayah Ab Rahman; William Bradley Glisson; Yanjiang Yang; Kim-Kwang Raymond Choo

As businesses continue to offer customers and employees increased access, improved software functionality, and continued improvements in supply chain management opportunities, it raises the risk of cyber-physical attacks on cyber-physical cloud systems (CPCS). In this article, the authors discuss the challenges associated with a CPCS attack and highlight the need for forensic-by-design, prior to presenting their conceptual CPCS forensic-by-design model. The six factors of the framework are discussed, namely, risk management principles and practices, forensic readiness principles and practices, incident handling principles and practices, laws and regulation, CPCS hardware and software requirements, and industry-specific requirements. Future research topics are also identified.


Concurrency and Computation: Practice and Experience | 2017

Cloud incident handling and forensic-by-design: cloud storage as a case study

Nurul Hidayah Ab Rahman; Niken Dwi Wahyu Cahyani; Kim-Kwang Raymond Choo

Information security incident handling strategies or models are important to ensure the security of organisations, particularly in cloud and big data environments. However, existing strategies or models may not be adequate as cloud data are generally virtualised, geographically distributed and ephemeral, presenting both technical and jurisdictional challenges. We present an integrated cloud incident handling and forensic‐by‐design model. We then seek to validate the model using a set of controlled experiments on a cloud‐related incident. Three popular cloud storage applications were deployed, namely Dropbox, Google Drive, and OneDrive. This study demonstrates the utility of the model for organisational cloud users to undertake incident investigations (e.g. collect and analyse residual data from cloud storage applications).


The Cloud Security Ecosystem: Technical, Legal, Business and Management Issues | 2015

Integrating digital forensic practices in cloud incident handling: A conceptual Cloud Incident Handling Model.

Nurul Hidayah Ab Rahman; Kim-Kwang Raymond Choo

Due to the increase in adoption of cloud storage services by organizations, ensuring the security and privacy of data stored in the cloud is of critical importance to these organizations. It is also important for organizations to have an effective cloud security incident handling strategy to minimize the impact of a security breach. In this chapter, we present a feasibility study of our proposed Cloud Incident Handling Model, which draws upon principles and practices from both incident handling and digital forensics. We demonstrated the utility of the proposed model using an ownCloud case study simulation. We also explained how the Situational Crime Prevention Theory can be used in our model to design mitigation strategies. Future work includes deploying the model in a real-world organization.


Mobile Networks and Applications | 2017

The Role of Mobile Forensics in Terrorism Investigations Involving the Use of Cloud Storage Service and Communication Apps

Niken Dwi Wahyu Cahyani; Nurul Hidayah Ab Rahman; William Bradley Glisson; Kim-Kwang Raymond Choo

Mobile technologies can be, and have been, exploited in terrorist activities. In this paper, we highlight the importance of mobile forensics in the investigation of such activities. Specifically, using a series of controlled experiments on Android and Windows devices, we demonstrate how mobile forensics techniques can be used to recover evidentiary artefacts from client devices. There are three simulation scenarios, namely: (1) information propagation, (2) information concealment and (3) communications. The experiments used three popular cloud apps (Google Drive, Dropbox, and OneDrive), five communication apps (Messenger, WhatsApp, Telegram, Skype and Viber), and two email apps (GMail and Microsoft Outlook). The evidential data was collected and analysed using mobile forensics and network packet analyser tools. The correlation of evidence artefacts would support inferring illegal use of mobile devices. This study also highlights the extent of acquired evidence between Android and Windows devices, in which Android presents more evidentiary value.


Journal of Forensic Sciences | 2018

An Evidence‐Based Forensic Taxonomy of Windows Phone Communication Apps

Niken Dwi Wahyu Cahyani; Ben Martini; Kim-Kwang Raymond Choo; Nurul Hidayah Ab Rahman; Helen Ashman

Communication apps can be an important source of evidence in a forensic investigation (e.g., in the investigation of a drug trafficking or terrorism case where the communications apps were used by the accused persons during the transactions or planning activities). This study presents the first evidence‐based forensic taxonomy of Windows Phone communication apps, using an existing two‐dimensional Android forensic taxonomy as a baseline. Specifically, 30 Windows Phone communication apps, including Instant Messaging (IM) and Voice over IP (VoIP) apps, are examined. Artifacts extracted using physical acquisition are analyzed, and seven digital evidence objects of forensic interest are identified, namely: Call Log, Chats, Contacts, Locations, Installed Applications, SMSs and User Accounts. Findings from this study would help to facilitate timely and effective forensic investigations involving Windows Phone communication apps.


Journal of Forensic Sciences | 2018

An Evidence‐based Forensic Taxonomy of Windows Phone Dating Apps

Niken Dwi Wahyu Cahyani; Kim-Kwang Raymond Choo; Nurul Hidayah Ab Rahman; Helen Ashman

Advances in technologies including development of smartphone features have contributed to the growth of mobile applications, including dating apps. However, online dating services can be misused. To support law enforcement investigations, a forensic taxonomy that provides a systematic classification of forensic artifacts from Windows Phone 8 (WP8) dating apps is presented in this study. The taxonomy has three categories, namely: Apps Categories, Artifacts Categories, and Data Partition Categories. This taxonomy is built based on the findings from a case study of 28 mobile dating apps, using mobile forensic tools. The dating app taxonomy can be used to inform future studies of dating and related apps, such as those from Android and iOS platforms.


International Conference of Reliable Information and Communication Technology | 2018

Acquiring RFID Tag Asymmetric Key from IOT Cyber Physical Environment

Muhammad Thariq Abdul Razak; Nurul Azma Abdullah; Nurul Hidayah Ab Rahman

Radio Frequency Identification (RFID) is an example of a current technology that enables the IoT environment to identify and locate objects and record metadata. RFID is the typical, important technology that first created the term IoT and the most recent technology discussed. Given the close relationship between the evolution of technology and crime, the need to understand RFID data is inevitable. Some researchers have discussed IoT forensics, but there is no specific work related to a standard procedure for RFID data acquisition in the IoT environment. Therefore, this research proposes a methodology for the acquisition of an RFID tag asymmetric key for IoT forensic purposes. Acquisition is the initial step in IoT forensics to acquire digital evidence from the IoT cyber-physical environment. Later, the acquired key will be used to extract useful information from RFID tag memory for further investigation.


THE 2ND INTERNATIONAL CONFERENCE ON APPLIED SCIENCE AND TECHNOLOGY 2017 (ICAST’17) | 2017

Preserving anonymity in e-voting system using voter non-repudiation oriented scheme

Isredza Rahmi A. Hamid; Siti Nafishah Md Radzi; Nurul Hidayah Ab Rahman; Chuah Chai Wen; Nurul Azma Abdullah

The voting system has been developed from traditional paper ballot to electronic voting (e-voting). The e-voting system has high potential to be widely used in election events. However, the e-voting system still does not meet the most important security properties, which are voter’s authenticity and non-repudiation. This is because voters can simply vote again by entering other people’s identification number. In this project, an electronic voting system using a voter non-repudiation oriented scheme will be developed. This system contains ten modules, which are log in, vote session, voter, candidate, open session, voting results, user account, initial score, logs and reset vote count. In order to ensure there would be no non-repudiation issue, a voter non-repudiation oriented scheme concept will be adapted and implemented in the system. This system will be built using Microsoft Visual Studio 2013 and can only be accessed using personal computers at the voting center. This project will be beneficial for future use in order to overcome the non-repudiation issue.


THE 2ND INTERNATIONAL CONFERENCE ON APPLIED SCIENCE AND TECHNOLOGY 2017 (ICAST’17) | 2017

Email authentication using symmetric and asymmetric key algorithm encryption

Mohamad Azhar Abdul Halim; Chuah Chai Wen; Isredza Rahmi; Nurul Azma Abdullah; Nurul Hidayah Ab Rahman

Protection of sensitive or classified data from unauthorized access, hackers and other personnel is a virtue. Storage of data is done in devices such as USB, external hard disk, laptops, I-Pad or in the cloud. Cloud computing presents both ups and downs. However, storing information elsewhere increases the risk of being attacked by hackers. Besides, the risk of losing the device or having it stolen is increased in the case of storage in portable devices. There is an array of mediums of communication, and even emails, used to send data or information, but these technologies come along with severe weaknesses such as absence of confidentiality where the message sent can be altered and sent to the recipient. No proof is shown to the recipient that the message received is altered. The recipient would not find out unless he or she checks with the sender. Without encryption of data or message, sniffing tools and software can be used to hack and read the information since it is in plaintext. Therefore, an electronic mail authent...

Collaboration

Top Co-Authors

Kim-Kwang Raymond Choo, University of Texas at San Antonio

Chuah Chai Wen, Universiti Tun Hussein Onn Malaysia

Isredza Rahmi A. Hamid, Universiti Tun Hussein Onn Malaysia

Nurul Azma Abdullah, Universiti Tun Hussein Onn Malaysia

Helen Ashman, University of South Australia

Ben Martini, University of South Australia