Jimshith V. T,V. Mary Amala Bai

DOI: https://doi.org/10.1080/00051144.2024.2310458

IF: 1.79

2024-02-28

Automatika

Abstract:The widespread practice of Bring your own device (BYOD) to work significantly raises cybersecurity risks. All organization's employees and employers will greatly benefit from this trend. The growth of spyware, malware and other dubious downloads on individual devices has compelled the government to review its data security guidelines. Without user knowledge, hazardous apps are downloaded to personal devices. Both people and governments could suffer tragic consequences as a result of this. In this situation, BYODs are problematic since they can alter policies without permission and release private information. The main goal of the research was to detect fraudulent communications coming from BYOD environments. A network monitoring and managing information configuration settings of mobile devices in the network is established by providing policies and authenticating endpoint devices in the BYOD network using a mix of NAC and MDM. This framework deals with Security Manager (SaaS) as the second module is briefly described. The study's early results were positive and suggested that the framework would lessen access control-related issues.

automation & control systems,engineering, electrical & electronic

Kathleen Downer,Maumita Bhattacharya

DOI: https://doi.org/10.48550/arXiv.2202.11498

2022-02-23

Cryptography and Security

Abstract:The prevalence and maturity of Bring Your Own Device (BYOD) security along with subsequent frameworks and security mechanisms in Australian organisations is a growing phenomenon somewhat similar to other developed nations. During the COVID 19 pandemic, even organisations that were previously reluctant to embrace BYOD have been forced to accept it to facilitate remote work. The aim of this paper is to discover, through a study conducted using a survey questionnaire instrument, how employees practice and perceive the BYOD security mechanisms deployed by Australian businesses which can help guide the development of future BYOD security frameworks. Three research questions are answered by this study - What levels of awareness do Australian businesses have for BYOD security aspects? How are employees currently responding to the security mechanisms applied by their organisations for mobile devices? What are the potential weaknesses in businesses IT networks that have a direct effect on BYOD security? Overall, the aim of this research is to illuminate the findings of these research objectives so that they can be used as a basis for building new and strengthening existing BYOD security frameworks in order to enhance their effectiveness against an ever-growing list of attacks and threats targeting mobile devices in a virtually driven work force.

Farkhund Iqbal,Aasia Jaffri,Zainab Khalid,Aine MacDermott,Qazi Ejaz Ali,Patrick C. K. Hung

DOI: https://doi.org/10.3389/frcmn.2023.1212743

2023-07-26

Frontiers in Communications and Networks

Abstract:Small-scale digital devices like smartphones, smart toys, drones, gaming consoles, tablets, and other personal data assistants have now become ingrained constituents in our daily lives. These devices store massive amounts of data related to individual traits of users, their routine operations, medical histories, and financial information. At the same time, with continuously evolving technology, the diversity in operating systems, client storage localities, remote/cloud storages and backups, and encryption practices renders the forensic analysis task multi-faceted. This makes forensic investigators having to deal with an array of novel challenges. This study reviews the forensic frameworks and procedures used in investigating small-scale digital devices. While highlighting the challenges faced by digital forensics, we explore how cutting-edge technologies like Blockchain, Artificial Intelligence, Machine Learning, and Data Science may play a role in remedying concerns. The review aims to accumulate state-of-the-art and identify a futuristic approach for investigating SSDDs.

Joel Chigada,Naailah Daniels

DOI: https://doi.org/10.1177/02663821211036400

2021-08-11

Business Information Review

Abstract:This study explores information systems security implications posed by Bring Your Own Device concept in financial services firms. Thus, the findings and recommendations from this study will help financial services and other organisations to be cognisant of the importance of BYOD policy formulation. The use of BYOD has become prevalent in the workplace due to the increased dependence on the Internet and advancements in technologies. It is beneficial to the organisation in that employees buy, use and insure their own devices, thus, the organisation does not bear these costs. However, there is a huge cost to the company if the use and connection of BYODs to the company’s Information Technology infrastructure is not regulated and monitored. BYODs expose information and information systems assets to threat actors. Financial institutions handle very sensitive information, making them a target for data breach and the adoption of BYODs more hazardous. A qualitative research method was conducted with eight (8) purposefully selected participants working in the Risk, IT and Information Systems Security departments of the financial institution. Telephonic interviews were conducted in line with the national protocols of the global Corona Virus Disease-2019 (COVID-19) pandemic. The study revealed the absence of a BYOD policy and employees could use any number of personal devices without restrictions. Users were aware of information systems security policies and protocols because of the annual training and awareness programmes.

Cephas Mpungu,Carlisle George,Glenford Mapp

DOI: https://doi.org/10.5121/ijnsa.2024.16402

2024-08-01

Abstract:Wireless medical networks are pivotal for chronic disease management, yet the sensitive Big Data they generate presents administration challenges and cyber vulnerability. This Big Data is valuable within both healthcare and legal contexts, serving as a resource for investigating medical malpractice, civil cases, criminal activities, and network-related incidents. However, the rapid evolution of network technologies and data creates complexities in digital forensics investigations and audits. To address these issues, this paper proposes a secure decentralised framework aimed at bolstering digital forensics readiness (DFR) in Big Data wireless medical networks by identifying security threats, complexities, and gaps in current research efforts. By improving the network's resilience to cyber threats and aiding in medical malpractice investigations, this framework significantly advances digital forensics, wireless networks, and healthcare. It enhances digital forensics readiness, incident response, and the management of medical malpractice incidents in Big Data wireless medical networks. A real-world scenario-based evaluation demonstrated the framework's effectiveness in improving forensic readiness and response capabilities, validating its practical applicability and impact. A comparison of the proposed framework with existing frameworks concluded that it is an advancement in framework design for DFR, especially in regard to Big Data processing, decentralised DFR storage and scalability.

Distributed, Parallel, and Cluster Computing,Networking and Internet Architecture

Snehal Sathwara,Nitul Dutta,Emil Pricop

DOI: https://doi.org/10.1109/ECAI.2018.8679017

2019-09-06

Abstract:Security issues, threats, and attacks in relation with the IoT have been identified as promising and challenging area of research. Eventually, the need for a forensics methodology for investigating IoT-related crime is therefore essential. However, the IoT poses many challenges for forensics investigators. These include the wide range and variety of information, the unclear lines of differentiation between networks, for example private networks increasingly fading into public networks. Further, integration of a large number of objects in IoT forensic interest, along with the relevance of identified and collected devices makes forensic of IoT devices more complicated. The scope of this paper is to present a framework for IoT forensic. We aimed at the study and development of the link to support digital investigations of IoT devices and tackle emerging challenges in digital forensics. We emphasize on various steps for digital forensic with respect to IoT devices.

Networking and Internet Architecture,Cryptography and Security

Nickson M. Karie,Craig Valli

DOI: https://doi.org/10.48550/arXiv.2107.13759

2021-07-29

Abstract:The continued evolution in computer network technologies has seen the introduction of new paradigms like Software Defined Networking (SDN) which has altered many traditional networking principles in todays business environments. SDN has brought about unprecedented change to the way organisations plan, develop, and enact their networking technology and infrastructure strategies. However, SDN does not only offer new opportunities and abilities for organisations to redesign their entire network infrastructure but also presents a different set of issues and challenges that need to be resolved. One such challenge is the implementation of Digital Forensic Readiness (DFR) in SDN environments. This paper, therefore, examines existing literature and highlights the different issues and challenges impacting the implementation of DFR in SDN. However, the paper also goes further to offer insights on the different countermeasures that organisations can embrace to enhance their ability to respond to cybersecurity incidents as well as help them in implementing DFR in SDN environments

Cryptography and Security

Ezer Osei Yeboah-Boateng,Francis Edmund Boaten

DOI: https://doi.org/10.48550/arXiv.1609.01821

2016-09-05

Cryptography and Security

Abstract:This study evaluates the cyber-risks to Business Information Assets posed by the adoption of Bring-Your-Own-Device (BYOD) to the workplace. BYOD is an emerging trend where employees bring and use personal computing devices on the companys network to access applications and sensitive data like emails, calendar and scheduling applications, documents, etc. Employees are captivated by BYOD because they can have access to private items as well as perform certain job functions while being unrestricted to their desks. This is however usually done on the blind side of management or the system administrator; a situation that tends to expose vital and sensitive corporate information to various threats like unwanted network traffic, unknown applications, malwares, and viruses. Expert opinions were elicited in this exploratory study. The study evaluated the characteristics of BYOD, assessed associated risks, threats and vulnerabilities. The findings indicate that little or no security measures were instituted to mitigate risks associated with BYOD. Though, profound benefits abound with BYOD adoption, they could be eroded by security threats and costs of mitigation in curing breaches. The most significant risk was found to be Data Loss which was in consonance with similar studies on Smartphone security risks. Some mitigation measures are then recommended.

Deepti Rani,Nasib Singh Gill,Preeti Gulia

DOI: https://doi.org/10.1016/j.jii.2024.100568

IF: 11.718

2024-02-03

Journal of Industrial Information Integration

Abstract:The extensive growth of Industrial Internet of Things (IIoT) has prompted cyber attackers to commence a variety of attacks which need to be identified to maintain the security of industrial data and services. Digital forensics is an extravagant need to detect cyber attacks and to identify cybercriminals. While conducting criminal investigation using digital forensics, there is high probability of leakage of collected digital evidence. Hence, the need for a secure and lightweight cryptosystem arises to protect it from cyber-attacks. In the present paper, authors aim to design a novel forensic framework for digital evidence administration using advanced encryption and preservation mechanisms. Authors focus to encrypt and preserve only digital image evidence but can be deployed on other types of multimedia data like video frames. Three types of Chaos-map algorithms namely 4D hyperchaotic map, 2D Arnold Cat map (ACM) and Henon Map have been utilized to encrypty and decrypt digital image evidence which enable high sensitivity and dependency on initial conditions, quasi-randomness, and ergodicity to digital content. The proposed approaches have been analyzed on different groups of images of different size and validated using various security parameters such as unified average changing intensity (UACI), correlation coefficient, and the number of pixels changing rate (NPCR). Image transformation and compression has been performed after encryption process using Fast Fourier Transformation (FFT). The proposed work has been analyzed using histogram and auto-correlation. Experimentations have provided the values of the correlation coefficient of plain images near 1 and the value of adjacent cipher images near zero which show a strong correlation. The evaluated results for UACI are more than 33 % for every considered images. The value for NPCR should be near 100 % and here the calculated results for each image are above 99 %. The complexity of the proposed encryption algorithm is O(n) due to key generation using a cryptographically secure pseudo-random number generator (CSPRNG). The compressed and transformed image evidence have been stored into decentralized blockchain to ensure the integrity and confidentiality. Decentralized blockchain has been used as a reliable and promising solution to preserve digital evidence due to its distinct features like secure peer to peer communication, improved trust and transparency among participants, integrity, confidentiality, immutability, without risk of single point-of-failure. The proposed digital forensic model is able to prevent various threats and security challenges which can contaminate or tamper off digital pieces of evidence and assures improved digital evidence administration and defensibility. In the proposed scheme, the encryption process takes only 2–3 s to perform the encryption of each size of image.

computer science, interdisciplinary applications,engineering, industrial

Nickson M Karie,Victor R Kebande,H S Venter

DOI: https://doi.org/10.1016/j.fsisyn.2019.03.006

2019-04-04

Abstract:More than ever before, the world is nowadays experiencing increased cyber-attacks in all areas of our daily lives. This situation has made combating cybercrimes a daily struggle for both individuals and organisations. Furthermore, this struggle has been aggravated by the fact that today's cybercriminals have gone a step ahead and are able to employ complicated cyber-attack techniques. Some of those techniques are minuscule and inconspicuous in nature and often camouflage in the facade of authentic requests and commands. In order to combat this menace, especially after a security incident has happened, cyber security professionals as well as digital forensic investigators are always forced to sift through large and complex pools of data also known as Big Data in an effort to unveil Potential Digital Evidence (PDE) that can be used to support litigations. Gathered PDE can then be used to help investigators arrive at particular conclusions and/or decisions. In the case of cyber forensics, what makes the process even tough for investigators is the fact that Big Data often comes from multiple sources and has different file formats. Forensic investigators often have less time and budget to handle the increased demands when it comes to the analysis of these large amounts of complex data for forensic purposes. It is for this reason that the authors in this paper have realised that Deep Learning (DL), which is a subset of Artificial Intelligence (AI), has very distinct use-cases in the domain of cyber forensics, and even if many people might argue that it's not an unrivalled solution, it can help enhance the fight against cybercrime. This paper therefore proposes a generic framework for diverging DL cognitive computing techniques into Cyber Forensics (CF) hereafter referred to as the DLCF Framework. DL uses some machine learning techniques to solve problems through the use of neural networks that simulate human decision-making. Based on these grounds, DL holds the potential to dramatically change the domain of CF in a variety of ways as well as provide solutions to forensic investigators. Such solutions can range from, reducing bias in forensic investigations to challenging what evidence is considered admissible in a court of law or any civil hearing and many more.

Abdulghani Ali Ahmed,Khalid Farhan,Waheb A Jabbar,Abdulaleem Al-Othmani,Abdullahi Gara Abdulrahman

DOI: https://doi.org/10.3390/s24165210

2024-08-12

Abstract:The Internet of Things forensics is a specialised field within digital forensics that focuses on the identification of security incidents, as well as the collection and analysis of evidence with the aim of preventing future attacks on IoT networks. IoT forensics differs from other digital forensic fields due to the unique characteristics of IoT devices, such as limited processing power and connectivity. Although numerous studies are available on IoT forensics, the field is rapidly evolving, and comprehensive surveys are needed to keep up with new developments, emerging threats, and evolving best practices. In this respect, this paper aims to review the state of the art in IoT forensics and discuss the challenges in current investigation techniques. A qualitative analysis of related reviews in the field of IoT forensics has been conducted, identifying key issues and assessing primary obstacles. Despite the variety of topics and approaches, common issues emerge. The majority of these issues are related to the collection and pre-processing of evidence because of the counter-analysis techniques and challenges associated with gathering data from devices and the cloud. Our analysis extends beyond technological problems; it further identifies the procedural problems with preparedness, reporting, and presentation as well as ethical issues. In particular, it provides insights into emerging threats and challenges in IoT forensics, increases awareness and understanding of the importance of IoT forensics in preventing cybercrimes, and ensures the security and privacy of IoT devices and networks. Our findings make a substantial contribution to the field of IoT forensics, as they not only involve a critical analysis of the challenges presented in existing works but also identify numerous problems. These insights will greatly assist researchers in identifying appropriate directions for their future research.

Muhammad Faheem,M-Tahar Kechadi,Nhien-An Le-Khac

DOI: https://doi.org/10.48550/arXiv.1611.09566

2016-11-29

Cryptography and Security

Abstract:Smartphones have become popular in recent days due to the accessibility of a wide range of applications. These sophisticated applications demand more computing resources in a resource constraint smartphone. Cloud computing is the motivating factor for the progress of these applications. The emerging mobile cloud computing introduces a new architecture to offload smartphone and utilize cloud computing technology to solve resource requirements. The popularity of mobile cloud computing is an opportunity for misuse and unlawful activities. Therefore, it is a challenging platform for digital forensic investigations due to the non-availability of methodologies, tools and techniques. The aim of this work is to analyze the forensic tools and methodologies for crime investigation in a mobile cloud platform as it poses challenges in proving the evidence. The advancement of forensic tools and methodologies are much slower than the current technology development in mobile cloud computing. Thus, forces the available tools, and techniques become increasingly obsolete. Therefore, it opens up the door for the new forensic tools and techniques to cope up with recent developments. Hence, this work presents a detailed survey of forensic methodology and corresponding issues in a mobile device, cloud environment, and mobile cloud applications. It mainly focuses on digital forensic issues related to mobile cloud applications and also analyze the scope, challenges and opportunities. Finally, this work reviewed the forensic procedures of two cloud storage services used for mobile cloud applications such as Dropbox and SkyDrive.

Nur Mohammad Ali Chisty,Parikshith Reddy Baddam,Ruhul Amin

DOI: https://doi.org/10.18034/ei.v10i2.689

2022-10-01

Engineering International

Abstract:This research investigates various strategic approaches to protecting the digital future and offers insights into the practices of the next generation of cybersecurity. The study's primary objectives are to identify key challenges and trends in the current cybersecurity landscape, evaluate the effectiveness of traditional cybersecurity approaches, investigate emerging technologies for enhancing cybersecurity resilience, examine human factors in cybersecurity resilience, and develop recommendations for future cyber defense. All of these objectives will be accomplished through the course of the study. To analyze strategic approaches to cybersecurity, the study uses a methodology based on a survey of secondary data and synthesizes the current literature from recognized sources. Among the most significant discoveries are the significance of incorporating new technologies, addressing human aspects, encouraging collaboration, and emphasizing risk management. Policy implications include promoting cooperation and the exchange of information, investing in emerging technologies, raising awareness about cybersecurity, building regulatory frameworks, and boosting international cooperation through the promotion of international cooperation. According to the findings of this study, organizations, policymakers, and other stakeholders looking to improve their cybersecurity resilience and effectively protect the digital future can benefit from the insightful insights and practical advice provided.

Milda Petraityte,Ali Dehghantanha,Gregory Epiphaniou

DOI: https://doi.org/10.48550/arXiv.1706.08048

2017-06-25

Abstract:This paper uses a scenario-based role-play experiment based on the usage of QR codes to detect how mobile users respond to social engineering attacks conducted via mobile devices. The results of this experiment outline a guided mobile phone forensics investigation method which could facilitate the work of digital forensics investigators while analysing the data from mobile devices. The behavioural response of users could be impacted by several aspects, such as impulsivity, smartphone usage and security or simply awareness that QR codes could contain malware. The findings indicate that the impulsivity of users is one of the key areas that determine the common mistakes of mobile device users. As a result, an investigative framework for mobile phone forensics is proposed based on the impulsivity and common mistakes of mobile device users. As a result, an investigative framework for mobile phone forensics is proposed based on the impulsivity and common mistakes of mobile device users. It could help the forensics investigators by potentially shortening the time spent on investigation of possible breach scenarios.

Cryptography and Security

Asanka P. Sayakkara,M. Scanlon,Muhammad Rusyaidi Zunaidi

DOI: https://doi.org/10.1109/ISDFS60797.2024.10527284

2024-04-29

Abstract:In an era where digital data security is becoming all-pervasive, and data encryption is baked in by default on many consumer-level and commercial-level devices, the encryption of Internet of Things (IoT) devices presents a significant obstacle for lawful digital forensic investigation. Towards addressing this issue, this paper introduces a novel digital forensic methodology that leverages electromagnetic side-channel analysis (EM-SCA) for the non-invasive recovery of encryption keys from black-box IoT devices, i.e., where little/nothing is known about the device's encryption in advance. By reducing the key space necessary for brute-force decryption and employing machine-learning techniques, the proposed approach enhances the digital forensic process - helping to mitigate investigative roadblocks and case backlogs. This automated, adaptable system not only preserves the integrity of forensic evidence, but also ensures wide applicability within the evolving IoT landscape. This practical methodology could prove invaluable for investigators facing the complexities of encrypted device analysis encountered during their cases.

Engineering,Computer Science

Haroon Mahmood,Maliha Arshad,Irfan Ahmed,Sana Fatima,Hafeez ur Rehman

DOI: https://doi.org/10.1016/j.fsidi.2024.301748

IF: 1.805

2024-04-06

Forensic Science International Digital Investigation

Abstract:Internet of Things (IoT) systems often consist of heterogeneous, resource-constrained devices that generate massive amounts of data. This data is important for assessments, behaviour analysis, and decision-making. However, IoT devices are also susceptible to cyber-attacks, such as information theft, personal device intervention, and privacy invasion. In case of an incident, these devices are subject to digital forensic investigation to identify and analyze crimes and misuse. Over the years, several forensic frameworks and techniques have been proposed to facilitate the investigation of IoT networks and devices, but finding a perfect solution that covers the diversity of IoT devices and networks is still a research challenge. In this study, we present a comparative analysis of existing forensic investigation frameworks and identify their strengths and weaknesses in handling forensic challenges of IoT devices. The study uses evaluation metrics of ten important parameters, including heterogeneity, scalability, and chain of custody, to thoroughly audit the effectiveness of these models. Our analysis concludes that the existing investigation frameworks do not cater to all requirements and aspects of IoT forensics. It further highlights the need for standard mechanisms to acquire and analyze digital artifacts in IoT devices.

computer science, information systems, interdisciplinary applications

Tanveer Zia,Peng Liu,Weili Han

DOI: https://doi.org/10.1145/3098954.3104052

2017-01-01

Abstract:Besides its enormous benefits to the industry and community the Internet of Things (IoT) has introduced unique security challenges to its enablers and adopters. As the trend in cybersecurity threats continue to grow, it is likely to influence IoT deployments. Therefore it is eminent that besides strengthening the security of IoT systems we develop effective digital forensics techniques that when breaches occur we can track the sources of attacks and bring perpetrators to the due process with reliable digital evidence. The biggest challenge in this regard is the heterogeneous nature of devices in IoT systems and lack of unified standards. In this paper we investigate digital forensics from IoT perspectives. We argue that besides traditional digital forensics practices it is important to have application-specific forensics in place to ensure collection of evidence in context of specific IoT applications. We consider top three IoT applications and introduce a model which deals with not just traditional forensics but is applicable in digital as well as application-specific forensics process. We believe that the proposed model will enable collection, examination, analysis and reporting of forensically sound evidence in an IoT application-specific digital forensics investigation.

David Lillis,Brett Becker,Tadhg O'Sullivan,Mark Scanlon

DOI: https://doi.org/10.48550/arXiv.1604.03850

2016-04-13

Cryptography and Security

Abstract:Given the ever-increasing prevalence of technology in modern life, there is a corresponding increase in the likelihood of digital devices being pertinent to a criminal investigation or civil litigation. As a direct consequence, the number of investigations requiring digital forensic expertise is resulting in huge digital evidence backlogs being encountered by law enforcement agencies throughout the world. It can be anticipated that the number of cases requiring digital forensic analysis will greatly increase in the future. It is also likely that each case will require the analysis of an increasing number of devices including computers, smartphones, tablets, cloud-based services, Internet of Things devices, wearables, etc. The variety of new digital evidence sources pose new and challenging problems for the digital investigator from an identification, acquisition, storage and analysis perspective. This paper explores the current challenges contributing to the backlog in digital forensics from a technical standpoint and outlines a number of future research topics that could greatly contribute to a more efficient digital forensic process.

Ahmed MohanRaj Alenezi

2023-05-13

Abstract:Digital forensics in smart environments is an emerging field that deals with the investigation and analysis of digital evidence in smart devices and environments. As smart environments continue to evolve, digital forensic investigators face new challenges in retrieving, preserving, and analyzing digital evidence. At the same time, recent advancements in digital forensic tools and techniques offer promising solutions to overcome these challenges. In this survey, we examine recent advancements and challenges in digital forensics within smart environments. Specifically, we review the current state-of-the-art techniques and tools for digital forensics in smart environments and discuss their strengths and limitations. We also identify the major challenges that digital forensic investigators face in smart environments and propose potential solutions to overcome these challenges. Our survey provides a comprehensive overview of recent advancements and challenges in digital forensics in the age of smart environments, and aims to inform future research in this area.

Cryptography and Security

Sonam Bhardwaj,Mayank Dave

DOI: https://doi.org/10.1007/s11235-024-01105-w

2024-02-17

Telecommunication Systems

Abstract:This article focuses on the urgent cybersecurity concerns in the Internet of Things (IoT) environment, highlighting the crucial importance of protecting these networks in the face of increasing amounts of IoT data. The paper explores the intricacies of deploying security mechanisms for Internet of Things (IoT) devices, specifically those that are restricted by limited resources. This study examines the inherent weaknesses in IoT systems and analyses the strategies used by malicious individuals to gain control and privileges. In order to tackle these difficulties, the study suggests a sophisticated security system that combines artificial intelligence and an intelligent attack graph. An outstanding characteristic of the model incorporates a method devised to restrain virus spread and accelerate network restoration by introducing virtual nodes. The research showcases the results of the vulnerable attack path predictor (VAPP) module of the proposed model, emphasising its exceptional accuracy in distinguishing between black (0) and red (1) attack paths compared to alternative Machine Learning techniques. Moreover, a thorough evaluation of the module's performance is carried out, with a specific emphasis on security concerns and predictive capacities. Proverif is utilised to validate the security settings and evaluate the resilience of the secret keys. The findings demonstrate a detection rate of 98.48% and an authentication rate of 85%, outperforming the achievements of earlier studies. The contributions greatly enhance the ability of IoT networks to withstand challenges, and the use of cryptographic verification confirms its dependability in the ever-changing digital environment.

telecommunications