International Cyber Resilience conference

Novel pseudo random number generation using variant logic framework

Jeffrey Zheng — Tue, 22 May 2012 20:19:38 PDT

Cyber Security requires cryptology for the basic protection. Among different ECRYPT technologies, stream cipher plays a central role in advanced network security applications; in addition, pseudo-random number generators are placed in the core position of the mechanism. In this paper, a novel method of pseudo-random number generation is proposed to take advantage of the large functional space described using variant logic, a new framework for binary logic. Using permutation and complementary operations on classical truth table to form relevant variant table, numbers can be selected from table entries having pseudo-random properties. A simple generation mechanism is described and shown and pseudo-random sequences are analyzed for their cycle property and complexity. Applying this novel method, it can play a useful role in future applications for higher performance of cyber security environments.

Why Australia's e-health system will be a vulnerable national asset

Patricia A. Williams — Tue, 22 May 2012 20:19:37 PDT

Connecting Australian health services and the e-health initiative is a major talking point currently. Many issues are presented as key to its success including solving issues with confidentiality and privacy. However the largest problem may not be these issues in sharing information but the fact that the point of origin and storage of such records is still relatively insecure. Australia aims to have a Personally Controlled Electronic Health Record in 2012 and this is underpinned by a national network for e-health. It is this very foundation that becomes the critical infrastructure, with general practice the cornerstone for its success. Yet, research into the security of medical information has shown that many general practices are unable to create an environment with effective information security. This paper puts together the connections of e-health and the complex environment in which it is positioned. A discussion of how this critical infrastructure is assembled is presented, and the key vulnerabilities are identified. Further, it addresses how security may be approached to cater for this diverse and complex environment. From a national security and critical infrastructure perspective, as medical records are part of society’s critical infrastructure, the most effective system attacks are those on the points of highest vulnerability. In our current health system infrastructure those points are the data collection and records retention areas of individual medical providers. Progress towards changing this situation is key to its success.

Facebook jihad: A case study of recruitment discourses and strategies targeting a Western female

Robyn Torok — Tue, 22 May 2012 20:19:35 PDT

Recent years has seen a trend towards the increasing specificity of recruitment targets for global jihad. This paper is a case study of the discourses used to recruit a Western female who originally subscribed to an antigovernment, anti-New World Order ideology. Categorising using grounded theory analysis found that female recruiters tapped into the interest of their target subject and then shifted her towards sympathy and commitment to radical Islam. This was achieved through media saturation of Western aggression against Muslims coupled with an ideology that promotes the need to fight and resist. Subject material to which the recruit was directed was carefully controlled and initially deemphasized the Qur’an in favour of mujahedeen narratives and the teachings of Anwar al-Awlaki. Overall, the research supported a sophisticated narrowcasting strategy that was carefully developed primarily by female recruiters.

A comparative analysis of the security of internet banking in Australia:a customer perspective

Panida Subsorn et al. — Tue, 22 May 2012 20:19:34 PDT

Internet has its own inherent security issues in terms of confidentiality, integrity and privacy. The main impact of these kinds of issues is specifically on the banking industry as they have increased their Internet banking facilities in order to reduce costs and provide better services and banking convenience to their Internet banking customers. However, banking customers have not had a choice of Internet banking mainly due to the fact that they are already tied to whatever form of Internet banking that their current bank provides. This paper therefore examined Internet banking security systems in Australian banks by creating the proposed Internet banking security checklist which can benefit both existing and potential Internet banking customers to use as an Internet banking security guideline. Furthermore, the results uncovered were lack of Internet banking security in all the 16 selected Australian banks. These can impact its existing and potential customers’ confidentiality in terms of using Internet banking. Better Internet banking security information, two-factor authentication and stronger encryption in use are some of the example recommendations. In addition, this study can be extended to cover more in-depth details which cover interviewing and auditing from a customer perspective, the design and format of the Internet banking website and mobile banking security.

A phishing model and its applications to evaluating phishing attacks

Narasimha Shashidhar et al. — Tue, 22 May 2012 20:19:32 PDT

Phishing is a growing threat to Internet users and causes billions of dollars in damage every year. In this paper, we present a theoretical yet practical model to study this threat in a formal manner. While it is folklore knowledge that a successful phishing attack entails creating messages that are indistinguishable from the natural, expected messages by the intended victim, this concept has not been formalized. Our model captures phishing in terms of this indistinguishability between the natural and phishing message distributions. To the best of our knowledge, this is the first study that places phishing on a concrete theoretical framework and offers a new perspective to analyze this threat. We propose metrics to analyze the success probability of a phishing attack taking into account the input used by a phisher and the work involved to create deceptive email messages. Finally, we describe and study a new class of phishing attacks called collaborative spear phishing that may stem from the latest threat posed by the Epsilon email breach in the recent past and point out fundamental flaws in the current email-based marketing business model. In this sense, our study is very timely and presents new and emerging trends in phishing.

k Anonymous Private Query Based on Blind Signature and Oblivious Transfer

Russell Paulet et al. — Tue, 22 May 2012 20:19:30 PDT

In this paper, we consider a scenario where there are a group of clients and a database server, and a client wishes to query the database, but does not want to reveal her or his query to the server. Current solutions for this problem are based on oblivious transfer, which usually requires high communication overhead. To reduce the communication overhead, we propose three k-anonymous private query protocols. Our first protocol is based on blind signature, where the server cannot determine the identity of the querying client from the group. Our second protocol is based on k-anonymous oblivious transfer, where the server cannot tell which record the querying client wants from k records. Our third protocol is a combination of the first and second protocols. Our protocols can achieve k-anonymity and are practical in many real-life applications.

Empowering protest through social media

Simon O'Rourke — Tue, 22 May 2012 20:19:29 PDT

Advances in personal communications devices including smartphones, are enabling individuals to establish and form virtual communities in cyberspace. Such platforms now allow users to be in continuous contact, enabling them to receive information in real time, which allows them to act in support of other members of their network. This paper will discuss some of the capabilities afforded by social media to protest groups focused on civil disobedience. Direct action protests are now a common sight at gatherings of world leaders, most notably the meeting of the World Trade Organisation (WTO) in Seattle in 1999, the G20 meetings in Melbourne in 2006 and Toronto in 2010. Facebook and Twitter are becoming recognised as key mediums from which to drive change, exert influence and strategically and tactically outmaneuver conventional police deployments at protests. Police charged with managing protest activity now need to operate in both the physical and cyber worlds simultaneously.

Gap analysis of intrusion detection in smart grids

Nishchal Kush et al. — Tue, 22 May 2012 20:19:27 PDT

Given the recent emergence of the smart grid and smart grid related technologies, their security is a prime concern. Intrusion detection provides a second line of defence. However, conventional intrusion detection systems (IDSs) are unable to adequately address the unique requirements of the smart grid. This paper presents a gap analysis of contemporary IDSs from a smart grid perspective. This paper highlights the lack of adequate intrusion detection within the smart grid and discusses the limitations of current IDSs approaches. The gap analysis identifies current IDSs as being unsuited to smart grid application without significant changes to address smart grid specific requirements.

GeoIntelligence: Data Mining Locational Social Media Content for Profiling and Information Gathering

Peter Hannay et al. — Tue, 22 May 2012 20:19:26 PDT

The current social media landscape has resulted in a situation where people are encouraged to share a greater amount of information about their day-to-day lives than ever before. In this environment a large amount of personal data is disclosed in a public forum with little to no regard for the potential privacy impacts. This paper focuses on the presence of geographic data within images, metadata and individual postings. The GeoIntelligence project aims to aggregate this information to educate users on the possible implications of the utilisation of these services as well as providing service to law enforcement and business. This paper demonstrates the ability to profile users on an individual and group basis from data posted openly to social networking services.

Securing the Elderly: A Developmental Approach to Hypermedia Based Online Information Security for Senior Novice Computer Users

David M. Cook et al. — Tue, 22 May 2012 20:19:24 PDT

Whilst security threats to the general public continue to evolve, elderly computer users with limited skill and knowledge are left playing catch-up in an ever-widening gap in fundamental cyber-related comprehension. As a definable cohort, the elderly generally lack awareness of current security threats, and remain under-educated in terms of applying appropriate controls and safeguards to their computers and networking devices. This paper identifies that web-based computer security information sources do not adequately provide helpful information to senior citizen end-users in terms of both design and content. It subsequently demonstrates a solution designed with the elderly, yet novice, end-user in mind. This paper examines the need for practical computer-based instructions that have wide-ranging applications to a wide selection of under-informed internet consumers. As computer usage rapidly spreads towards total ubiquity across all generations and social levels, the need for web-based education resources to protect generationally differing internet users is urgently required.

On the detection of hidden terrorist cells immersed in peer to peer networks

Belinda A. Chiera — Tue, 22 May 2012 20:19:22 PDT

Hidden terrorist cells in high dimensional communications networks arise when terrorists camouflage connectivity to appear randomly connected to the background network. We investigate hidden network detectability when the background network does not support terrorist activities. Using two September 11 terrorist networks as the test bed and a network measure called assortativity, we suggest hidden terrorist networks can behave as Peer-to-Peer networks. We compare the September 11 hidden networks with Peer-to-Peer networks containing embedded terrorist networks, as well as with generic Peer-to-Peer networks. Using Peer-to-Peer characteristics and social network group-based centralities, we show that for certain Peer-to-Peer networks it is possible to detect hidden terrorist networks in cyberspace, with potential future application to Instant Messaging and Skype networks.

A Threat to Cyber Resilience: A Malware Rebirthing Botnet

Murray Brand et al. — Tue, 22 May 2012 20:19:21 PDT

This paper presents a threat to cyber resilience in the form of a conceptual model of a malware rebirthing botnet which can be used in a variety of scenarios. It can be used to collect existing malware and rebirth it with new functionality and signatures that will avoid detection by AV software and hinder analysis. The botnet can then use the customized malware to target an organization with an orchestrated attack from the member machines in the botnet for a variety of malicious purposes, including information warfare applications. Alternatively, it can also be used to inject known malware signatures into otherwise non malicious code and traffic to overloading the sensors and processing systems employed by intrusion detection and prevention systems to create a denial of confidence of the sensors and detection systems. This could be used as a force multiplier in asymmetric warfare applications to create confusion and distraction whilst attacks are made on other defensive fronts.

Penetration Testing and Vulnerability Assessments: A Professional Approach

Konstantinos Xynos et al. — Wed, 02 Feb 2011 19:38:09 PST

Attacks against computer systems and the data contained within these systems are becoming increasingly frequent and evermore sophisticated. So-called “zero-day” exploits can be purchased on black markets and Advanced Persistent Threats (APTs) can lead to exfiltration of data over extended periods. Organisations wishing to ensure security of their systems may look towards adopting appropriate measures to protect themselves against potential security breaches. One such measure is to hire the services of penetration testers (or “pen-tester”) to find vulnerabilities present in the organisation’s network, and provide recommendations as to how best to mitigate such risks. This paper discusses the definition and role of the modern pen-tester and summarises current standards and professional qualifications in the UK. The paper further identifies issues arising from pen-testers, highlighting differences from what is generally expected of their role in industry to what is demanded by professional qualifications.

What are you Looking for: Identification of Remnant Communication Artefacts in Physical Memory

Matthew Simon et al. — Wed, 02 Feb 2011 19:38:03 PST

Law enforcement has sound methods for investigating and obtaining data about targets that are using traditional communication services such as the Public Switched Telephone Network. The Internet as a data transfer medium is a vastly different paradigm to that of traditional telephony networks. Information about targets using Internet communication technologies cannot be obtained using the same methods used for traditional communication. There has been an identified need for methods to obtain information on targets that have been using Internet communication methods. The acquisition and analysis of physical memory has been proposed as a vector for the recovery of such information. In order to investigate memory analysis and communication technologies, it is necessary to define the types of data that investigators should look for. To this end, the concept of a set of data artefacts has been defined that contains generic data types that are inherent to all Internet based communication applications. To demonstrate the utility of the concept, a case study is presented that applies the artefacts to Skype.

Security Analysis of Session Initiation Protocol - A Methodology Based on Coloured Petri Nets

Lin Liu — Wed, 02 Feb 2011 19:38:01 PST

In recent years Voice over Internet Protocol (VoIP) has become a popular multimedia application over the Internet. At the same time critical security issues in VoIP have started to emerge. The Session Initiation Protocol (SIP) is a predominant signalling protocol for VoIP. It is used to establish, maintain and terminate VoIP calls, playing a crucial role in VoIP. This paper is aimed at developing a Coloured Petri Net (CPN)-based approach to analysing security vulnerabilities in SIP, with the ultimate goal of achieving a formal and comprehensive security assessment of SIP specification, and creating a platform for evaluating countermeasures for securing SIP. In the paper we present a method for modelling the behaviour of SIP and its security threats using CPNs, and discuss suitable techniques for analysing the CPNs for investigating SIP security issues. The CPN models and the analysis techniques will then become the platform for analysing the behavior of SIP that is enhanced with proposed security countermeasures

Detecting Money Laundering and Terrorism Financing Activity in Second Life and World of Warcraft

Angela S M Irwin et al. — Wed, 02 Feb 2011 19:37:59 PST

In recent years there has been much debate about the risks posed by virtual environments. Concern is growing about the ease in which virtual worlds and virtual reality role-playing games such as Second Life and World of Warcraft can be used for economic crimes such as financially motivated cybercrime, money laundering and terrorism financing. Currently, virtual environments are not subject to the strict financial controls and reporting requirements of the real world, therefore, they offer an excellent opportunity for criminals and terrorism financers to carry out their illegal activities unhindered and with impunity. This paper demonstrates the need for suitable approaches, tools and techniques which can be used to detect money laundering and terrorism financing in virtual environments and introduces a research project which aims to establish a comprehensive set of behaviour maps, rule bases and models to help in the fight against organised crime and terrorism.

Group-Based Social Network Characterisation of Hidden Terrorist Networks

Belinda A. Chiera — Wed, 02 Feb 2011 19:37:56 PST

Hidden networks arise in high-dimensional network structures when the hidden network members camouflage their existence by appearing randomly connected to the larger network structure, but in reality ensure they remain in persistent contact with one another over time. This paper takes a first step towards determining how to locate such hidden networks through the novel use of group-based social network metrics to characterise the features of hidden networks. Micro, meso and macro-level network analyses of the September 11 network and a selection of popular simulated terrorist network structures will show that the simulated networks are highly visible whereas the hidden networks display low visibility except at the macro level. Moreover these hidden networks aid to camouflage a highly prominent terrorist network of trusted prior contacts.

Malware Detection Based on Structural and Behavioural Features of API Calls

Manoun Alazab et al. — Wed, 02 Feb 2011 19:37:55 PST

In this paper, we propose a five-step approach to detect obfuscated malware by investigating the structural and behavioural features of API calls. We have developed a fully automated system to disassemble and extract API call features effectively from executables. Using n-gram statistical analysis of binary content, we are able to classify if an executable file is malicious or benign. Our experimental results with a dataset of 242 malwares and 72 benign files have shown a promising accuracy of 96.5% for the unigram model. We also provide a preliminary analysis by our approach using support vector machine (SVM) and by varying n-values from 1 to 5, we have analysed the performance that include accuracy, false positives and false negatives. By applying SVM, we propose to train the classifier and derive an optimum n-gram model for detecting both known and unknown malware efficiently.