Renier van Heerden

Playing hide-and-seek: Detecting the manipulation of Android Timestamps

Mobile technology continues to evolve in the 21st century, providing users with improved capabilities and advance functionality. One of the leaders of this evolution is Android, a mobile operating system that continuously elevates existing features and offers new applications. Such improvements allowed Android to gain popularity worldwide. A combination of Androids advance technology and increasing popularity allow smartphones supporting this operating system to become a rich source of trace evidence. Traces found on Android smartphones form a significant part of digital investigations, especially when the user of the smartphone is involved in criminal activities. A key component of these traces is the date and time, often formed as timestamps. These timestamps allow the examiner to relate the traces found on Android smartphones to some real event that took place. Knowing when events occurred in digital investigations is of great importance to the overall success of the investigation. This paper introduces a new solution, called the Authenticity Framework for Android Timestamps (AFAT) that establishes the authenticity of timestamps found on Android smartphones. Currently the framework determines the authenticity of timestamps found in SQLite databases by following two individual methods. The first method identifies the presence of certain changes in the Android file system, which are indications of the manipulation of the SQLite databases. The second method subsequently focuses on the individual SQLite databases and the identification of inconsistencies in these databases. The presence of specific file system changes as well as inconsistencies in the associated SQLite databases indicates that authenticity of the timestamps might be compromised. The results presented in the paper provide preliminary evidence that the suggested approach, Authenticity Framework for Android Timestamps, shows potential.

Analysing the fairness of trust-based Mobile Ad hoc Network protocols: Comparing the fairness of AODV and TAODV protocols in scenario driven simulations

A Mobile Ad hoc Network (MANET) consists out of a collection of mobile nodes capable of sending and/or receiving wireless communications. MANETs are generally unstructured networks with no centralized administration. MANETs use routing algorithms to establish routes among nodes. This unstructured nature presents the opportunity for misbehaviour among nodes. Trust based MANET routing protocols have been developed to counteract malicious behaviour, in an effort to establish fair node behaviour. Recent research has shown that the trust protocols themselves introduce unfair behaviour among nodes. This paper presents basic MANET scenarios and monitors the fairness of TAODV and TEA-AODV routing protocols.

The world is polluted with leaked cyber data

Copyright: IGI Global. Due to copyright restrictions, the attached PDF file only contains the abstract of the full text item. For access to the full text item, please consult the publishers website.

Classification of cyber attacks in South Africa

This paper introduces a classification scheme for the visual classification of cyber attacks. Through the use of the scheme, the impact of various cyber attacks throughout the history of South Africa are investigated and classified. The goal of this paper is to introduce a classification scheme that arranges attacks into different classes and sub-classes, which is presented visually. To enhance the visual description, each class has a maximum of three sub-classes, which can overlap. This classification scheme helps to show the diverse impacts of cyber attacks in South Africa. This method of classification can be used for the assessment of any cyber attack and to find similarities between attacks.

The pattern-richness of Graphical passwords

Conventional (text-based) passwords have shown patterns such as variations on the username, or known passwords such as “password”, “admin” or “12345”. Patterns may similarly be detected in the use of Graphical passwords (GPs). The most significant such pattern - reported by many researchers - is hotspot clustering. This paper qualitatively analyses more than 200 graphical passwords for patterns other than the classically reported hotspots. The qualitative analysis finds that a significant percentage of passwords fall into a small set of patterns; patterns that can be used to form attack models against GPs. In counter action, these patterns can also be used to educate users so that future password selection is more secure. It is the hope that the outcome from this research will lead to improved behaviour and an enhancement in graphical password security.

Using an ontology for network attack planning

Copyright: 2015 IGI Global. Due to copyright restrictions, the attached PDF file only contains the abstract of the full text item. For access to the full text item, please consult the publishers website. The definitive version of the work is published in International Journal of Cyber Warfare and Terrorism, 6(3), pp 65-78

Human Perception of the Measurement of a Network Attack Taxonomy in Near Real-Time

This paper investigates how the measurement of a network attack taxonomy can be related to human perception. Network attacks do not have a time limitation, but the earlier its detected, the more damage can be prevented and the more preventative actions can be taken. This paper evaluate how elements of network attacks can be measured in near real-time(60 seconds). The taxonomy we use was developed by van Heerden et al (2012) with over 100 classes. These classes present the attack and defenders point of view. The degree to which each class can be quantified or measured is determined by investigating the accuracy of various assessment methods. We classify each class as either defined, high, low or not quantifiable. For example, it may not be possible to determine the instigator of an attack (Aggressor), but only that the attack has been launched by a Hacker (Actor). Some classes can only be quantified with a low confidence or not at all in a sort (near real-time) time. The IP address of an attack can easily be faked thus reducing the confidence in the information obtained from it, and thus determining the origin of an attack with a low confidence. This determination itself is subjective. All the evaluations of the classes in this paper is subjective, but due to the very basic grouping (High, Low or Not Quantifiable) a subjective value can be used. The complexity of the taxonomy can be significantly reduced if classes with only a high perceptive accuracy is used.