Current Issue : January - March Volume : 2017 Issue Number : 1 Articles : 5 Articles
Mobile devices, like tablets and smartphones, are common place in everyday life. Thus, the degree of security these\ndevices can provide against digital forensics is of particular interest. A common method to access arbitrary data in\nmain memory is the cold boot attack. The cold boot attack exploits the remanence effect that causes data in DRAM\nmodules not to lose the content immediately in case of a power cut-off. This makes it possible to restart a device and\nextract the data in main memory.\nIn this paper, we present a novel framework for cold boot-based data acquisition with a minimal bare metal\napplication on a mobile device. In contrast to other cold boot approaches, our forensics tool overwrites only a\nminimal amount of data in main memory. This tool requires no more than three kilobytes of constant data in the\nkernel code section. We hence sustain all of the data relevant for the analysis of the previously running system. This\nmakes it possible to analyze the memory with data acquisition tools. For this purpose, we extend the memory\nforensics tool Volatility in order to request parts of the main memory dynamically from our bare metal application. We\nshow the feasibility of our approach on the Samsung Galaxy S4 and Nexus 5 mobile devices along with an extensive\nevaluation. First, we compare our framework to a traditional memory dump-based analysis. In the next step, we show\nthe potential of our framework by acquiring sensitive user data....
Security and privacy are significant issues in radio frequency identification (RFID) systems. There are many RFID authentication protocols have been proposed to address those issues. Some of these protocols employ way hashing function as a mechanism for addressing security and privacy issues of RFID systems, other protocols employ random number generator (RNG) and simple functions like cyclic redundancy code (CRC) functions as a mechanism for solving security and privacy problems and some proposals employ simple bitwise operations (e.g. XOR, AND, OR) for enhancing security and privacy of RFID systems. Although the proposed protocols have the capability to supply particular solution for RFID security and privacy issues, they cannot supply integrated solution. This paper is a survey to closely study those protocols in terms of their focus and limitations. In doing so, the security and privacy requirements are identified. Moreover, based on these requirements; 28 Secure RFID-based systems are discussed and compared in a form of checklist. Finally, this study is recommended to use heavy-weighted cryptographic techniques on the back-end side instead of lightweight cryptographic techniques to achieve the missed requirements on the studied authentication protocols....
The trend of cloud databases is leaning towards Not Only SQL (NoSQL) databases as they provide better support for\nscalable storage and quick retrieval of exponentially voluminous data. One of the more prominent types of NoSQL\ndatabases is document-based storage, which is being increasingly used in the dynamic cloud paradigm. However,\nthere are inherent security issues in cloud, including remote data residency along with the non-existent control of\nowners over their own data. In addition to that, the inherent security features of most document-based NoSQL\ndatabases lack granular access control and robust confidentiality mechanisms. There is also a distinct lack of a\ncomprehensive solution that effectively caters to all the security requirements of a document-oriented database in\ncloud. In order to overcome these issues, we propose a database security-as-a-service (DB-SECaaS) system over\ndocument-oriented database hosted in cloud, which provides authentication, fine-grained authorization, and\nencryption of the database objects, while ensuring that access to the data is granted only to authorized users on a\nneed-to-know basis. The paper shows that the DB-SECaaS system strongly enhances the security of documentoriented\ndatabases on cloud, and it is thus expected to facilitate the industry to reap the benefits of NoSQL without\nworrying over security issues. In order to certify the abovementioned security enhancements, provided by DB-SECaaS,\nthe paper also provides a formal analysis of DB-SECaaS using the Scyther model checker. As a proof of concept, the\ncore functionalities of the protocol, i.e., authorization, authentication, and encryption, are formally modeled in Scyther\nto formally verify that the proposed framework mitigates privacy and security concerns...
This paper puts forward the plan on constructing information security attack and\ndefense platform based on cloud computing and virtualization, provides the hardware\ntopology structure of the platform and technical framework of the system and\nthe experimental process and technical principle of the platform. The experiment\nplatform can provide more than 20 attack classes. Using the virtualization technology\ncan build hypothesized target of various types in the laboratory and diversified network\nstructure to carry out attack and defense experiment....
This paper deals with the problem of securing the configuration phase of an Internet of\nThings (IoT) system. The main drawbacks of current approaches are the focus on specific techniques\nand methods, and the lack of a cross layer vision of the problem. In a smart environment, each IoT\ndevice has limited resources and is often battery operated with limited capabilities (e.g., no keyboard).\nAs a consequence, network security must be carefully analyzed in order to prevent security and\nprivacy issues. In this paper, we will analyze the IoT threats, we will propose a security framework\nfor the device initialization and we will show how physical layer security can effectively boost the\nsecurity of IoT systems....
Loading....