Shams Zawoad

Sensing-enabled channels for hard-to-detect command and control of mobile devices

The proliferation of mobile computing devices has enabled immense opportunities for everyday users. At the same time, however, this has opened up new, and perhaps more severe, possibilities for attacks. In this paper, we explore a novel generation of mobile malware that exploits the rich variety of sensors available on current mobile devices. Two properties distinguish the proposed malware from the existing state-of-the-art. First, in addition to the misuse of the various traditional services available on modern mobile devices, this malware can be used for the purpose of targeted context-aware attacks. Second, this malware can be commanded and controlled over context-aware, out-of-band channels as opposed to a centralized infrastructure. These communication channels can be used to quickly reach out to a large number of infected devices, while offering a high degree of undetectability. In particular, unlike traditional network-based communication, the proposed sensing-enabled channels cannot be detected by monitoring the cellular or wireless communication networks. To demonstrate the feasibility of our proposed attack, we present different flavors of command and control channels based on acoustic, visual, magnetic and vibrational signaling. We further build and test a proof-of-concept Android application implementing many such channels.

FAIoT: Towards Building a Forensics Aware Eco System for the Internet of Things

The Internet of Things (IoT) involves numerous connected smart things with different technologies and communication standards. While IoT opens new opportunities in various fields, it introduces new challenges in the field of digital forensics investigations. The existing tools and procedures of digital forensics cannot meet the highly distributed and heterogeneous infrastructure of the IoT. Forensics investigators will face challenges while identifying necessary pieces of evidence from the IoT environment, and collecting and analyzing those evidence. In this article, we propose the first working definition of IoT forensics and systematically analyze the IoT forensics domain to explore the challenges and issues in this special branch of digital forensics. We propose a Forensics-aware IoT (FAIoT) model for supporting reliable forensics investigations in the IoT environment.

OTIT: towards secure provenance modeling for location proofs

Personal mobile devices and location based services are gaining popularity every day. Since the location based services are often customized based on the location information, it is important to securely generate, preserve, and validate the claim of presence at a given location at a given time as well as location provenance - the history of locations for a mobile device user over a given time period. Location provenance needs to imply secure and chronological ordering of location proofs, which can be successfully verified at a later time. Otherwise, the location based services can be easily spoofed by falsified location history. In this paper, we present OTIT - a model for designing secure location provenance. We formalized the features and characteristics for the domain of secure location provenance schemes, using formal propositional logic and logical proofs. We also present several schemes, which can be used in various modes to provide secure location provenance services. Based on the characteristics defined in OTIT, we have analyzed different schemes to show their adherence to the desired features of secure location provenance. Furthermore, we present experimental results on the performance of the various schemes, in terms of time and storage, to show a comparative applicability analysis. We posit that OTIT will serve as a comprehensive benchmark framework to evaluate the models for secure location provenance.

OCF: An Open Cloud Forensics Model for Reliable Digital Forensics

The rise of cloud computing has changed the way computing services and resources are used. However, existing digital forensics science cannot cope with the black-box nature of clouds nor with multi-tenant cloud models. Because of the fundamental characteristics of clouds, many assumptions of digital forensics are invalidated in clouds. In the digital forensics process involving clouds, the role of cloud service providers (CSP) is utterly important, a role which needs to be considered in the science of cloud forensics. In this paper, we define cloud forensics considering the role of the CSP and propose the Open Cloud Forensics (OCF) model. Based on this OCF model, we propose a cloud computing architecture and validate our proposed model using a case study, which is inspired from an actual civil lawsuit.

I Have the Proof: Providing Proofs of Past Data Possession in Cloud Forensics

Cloud computing has emerged as a popular computing paradigm in recent years. However, todays cloud computing architectures often lack support for computer forensic investigations. A key task of digital forensics is to prove the presence of a particular file in a given storage system. Unfortunately, it is very hard to do so in a cloud given the black-box nature of clouds and the multi-tenant cloud models. In clouds, analyzing the data from a virtual machine instance or data stored in a cloud storage only allows us to investigate the current content of the cloud storage, but not the previous contents. In this paper, we introduce the idea of building proofs of past data possession in the context of a cloud storage service. We present a scheme for creating such proofs and evaluate its performance in a real cloud provider. We also discuss how this proof of past data possession can be used effectively in cloud forensics.

'Who, When, and Where?' Location Proof Assertion for Mobile Devices

In recent years, location of mobile devices has become an important factor. Mobile device users can easily access various customized applications from the service providers based on the current physical location information. Nonetheless, it is a significant challenge in distributed architectures for users to prove their presence at a particular location in a privacy-protected and secured manner. So far, researchers have proposed multiple schemes to implement a secure location proof collection mechanism. However, such location proof schemes are subject to tampering and not resistant to collusion attacks. Additionally, the location authority providing a location proof is assumed to be honest at all times. In this paper, we present the fundamental requirements of any location proof generation scheme, and illustrate the potential attacks possible in such non-federated environments. Based on our observations, we introduce a concept of witness oriented endorsements, and describe a collusion-resistant protocol for asserted location proofs.We provide an exhaustive security analysis of the proposed architecture, based on all possible collusion models among the user, location authority, and witness. We also present a prototype implementation and extensive experimental results to adjust different threshold values and illustrate the feasibility of deploying the protocol in regular devices for practical use.

A TRUSTWORTHY CLOUD FORENSICS ENVIRONMENT

The rapid migration from traditional computing and storage models to cloud computing environments has made it necessary to support reliable forensic investigations in the cloud. However, current cloud computing environments often lack support for forensic investigations and the trustworthiness of evidence is often questionable because of the possibility of collusion between dishonest cloud providers, users and forensic investigators. This chapter presents a forensics-enabled cloud environment that supports trustworthy forensics in cloud environments. The forensic environment is designed on top of the OpenStack open-source cloud operating system. The environment enables cloud service providers to provide trusted digital forensics support to customers and forensic investigators, and enables customers to establish their own forensics-friendly infrastructures without making significant financial investments.

Secure techniques and methods for authenticating visually impaired mobile phone users

A series of new types of frauds and threats have emerged with the increased popularity of smartphones. Studies show that smartphone users are three times more likely to become the victims of identity fraud. Though researchers have developed many well known methods for user authentication in smartphone, little has been done focusing on visually impaired mobile device users. Commonly used username-password based authentication is not suitable for such users as it is cumbersome and highly susceptible to eavesdropping. In this paper, we have proposed a comprehensive algorithmic model for detecting different physical activities, such as walking, by analyzing the accelerometer sensor data from smartphones. Our proposed scheme proves that each persons gait pattern is unique and can be used as a bio-metric data for authentication. The new tool promises to provide a feasible solution for authentication, especially for visually impaired smartphone users, free from aural and visual eavesdropping.

Trustworthy Digital Forensics in the Cloud

Digital forensics is used to help investigate cybercrime. Because of its characteristics and rapid adoption, the cloud requires its own form of forensics, which must be reliable. The authors have developed the Open Cloud Forensics (OCF) model and FECloud architecture, which would enable effective cloud forensics.

Privacy in the Cloud

The rise of cloud computing has changed the way of using computing services and resources. Consciously or unconsciously, people are enjoying the services provided by the cloud when they access Gmail, Google Calendar, Dropbox, Microsoft Office Live, or run hundreds of Amazon Elastic Compute Cloud (EC2) instances for processing large-scale data. Due to the high demand for cloud-based services, cloud computing has emerged as the dominant computing paradigm in recent years. Besides that, the flexibility and cost savings made possible through migration to the cloud infrastructure, have encouraged many companies to use cloud computing for their critical applications. However, the advantages of clouds come with increased security and privacy risks. Today’s cloud computing platforms face important challenges for protecting the confidentiality and privacy of data and applications outsourced to cloud infrastructures. Multi-tenancy and other inherent properties of the cloud computing model have introduced novel attack surfaces and threats to users’ privacy. Unless the privacy issues are resolved, cloud computing cannot and should not be used for sensitive applications, such as financial transactions or medical records, where privacy and confidentiality of users are crucial. In this chapter, we present the privacy issues in cloud computing systems and discuss the state-of-the-art solutions and open problems.