Computer Engineering Commons^™

Improving Ethics Surrounding Collegiate-Level Hacking Education: Recommended Implementation Plan & Affiliation With Peer-Led Initiatives, Shannon Morgan, Dr. Sanjay Goel

Military Cyber Affairs

Cybersecurity has become a pertinent concern, as novel technological innovations create opportunities for threat actors to exfiltrate sensitive data. To meet the demand for professionals in the workforce, universities have ramped up their academic offerings to provide a broad range of cyber-related programs (e.g., cybersecurity, informatics, information technology, digital forensics, computer science, & engineering). As the tactics, techniques, and procedures (TTPs) of hackers evolve, the knowledge and skillset required to be an effective cybersecurity professional have escalated accordingly. Therefore, it is critical to train cyber students both technically and theoretically to actively combat cyber criminals and protect the confidentiality, integrity, …

Using Digital Twins To Protect Biomanufacturing From Cyberattacks, Brenden Fraser-Hevlin, Alec W. Schuler, B. Arda Gozen, Bernard J. Van Wie

Military Cyber Affairs

Understanding of the intersection of cyber vulnerabilities and bioprocess regulation is critical with the rise of artificial intelligence and machine learning in manufacturing. We detail a case study in which we model cyberattacks on network-mediated signals from a novel bioreactor, where it is important to control medium feed rates to maintain cell proliferation. We use a digital twin counterpart reactor to compare glucose and oxygen sensor signals from the bioreactor to predictions from a kinetic growth model, allowing discernment of faulty sensors from hacked signals. Our results demonstrate a successful biomanufacturing cyberattack detection system based on fundamental process control principles.

Characterizing Advanced Persistent Threats Through The Lens Of Cyber Attack Flows, Logan Zeien, Caleb Chang, Ltc Ekzhin Ear, Dr. Shouhuai Xu

Military Cyber Affairs

Effective cyber defense must build upon a deep understanding of real-world cyberattacks to guide the design and deployment of appropriate defensive measures against current and future attacks. In this abridged paper (of which the full paper is available online), we present important concepts for understanding Advanced Persistent Threats (APTs), our methodology to characterize APTs through the lens of attack flows, and a detailed case study of APT28 that demonstrates our method’s viability to draw useful insights. This paper makes three technical contributions. First, we propose a novel method of constructing attack flows to describe APTs. This abstraction allows technical audiences, …

Securing The Void: Assessing The Dynamic Threat Landscape Of Space, Brianna Bace, Dr. Unal Tatar

Military Cyber Affairs

Outer space is a strategic and multifaceted domain that is a crossroads for political, military, and economic interests. From a defense perspective, the U.S. military and intelligence community rely heavily on satellite networks to meet national security objectives and execute military operations and intelligence gathering. This paper examines the evolving threat landscape of the space sector, encompassing natural and man-made perils, emphasizing the rise of cyber threats and the complexity introduced by dual-use technology and commercialization. It also explores the implications for security and resilience, advocating for collaborative efforts among international organizations, governments, and industry to safeguard the space sector.

Commercial Enablers Of China’S Cyber-Intelligence And Information Operations, Ethan Mansour, Victor Mukora

Military Cyber Affairs

In a globally commercialized information environment, China uses evolving commercial enabler networks to position and project its goals. They do this through cyber, intelligence, and information operations. This paper breaks down the types of commercial enablers and how they are used operationally. It will also address the CCP's strategy to gather and influence foreign and domestic populations throughout cyberspace. Finally, we conclude with recommendations for mitigating the influence of PRC commercial enablers.

Integrating Nist And Iso Cybersecurity Audit And Risk Assessment Frameworks Into Cameroonian Law, Bernard Ngalim

Journal of Cybersecurity Education, Research and Practice

This paper reviews cybersecurity laws and regulations in Cameroon, focusing on cybersecurity and information security audits and risk assessments. The importance of cybersecurity risk assessment and the implementation of security controls to cure deficiencies noted during risk assessments or audits is a critical step in developing cybersecurity resilience. Cameroon's cybersecurity legal framework provides for audits but does not explicitly enumerate controls. Consequently, integrating relevant controls from the NIST frameworks and ISO Standards can improve the cybersecurity posture in Cameroon while waiting for a comprehensive revision of the legal framework. NIST and ISO are internationally recognized as best practices in information …

An Ml Based Digital Forensics Software For Triage Analysis Through Face Recognition, Gaurav Gogia, Parag H. Rughani

Journal of Digital Forensics, Security and Law

Since the past few years, the complexity and heterogeneity of digital crimes has increased exponentially, which has made the digital evidence & digital forensics paramount for both criminal investigation and civil litigation cases. Some of the routine digital forensic analysis tasks are cumbersome and can increase the number of pending cases especially when there is a shortage of domain experts. While the work is not very complex, the sheer scale can be taxing. With the current scenarios and future predictions, crimes are only going to become more complex and the precedent of collecting and examining digital evidence is only going …

Security-Enhanced Serial Communications, John White, Alexander Beall, Joseph Maurio, Dane Fichter, Dr. Matthew Davis, Dr. Zachary Birnbaum

Military Cyber Affairs

Industrial Control Systems (ICS) are widely used by critical infrastructure and are ubiquitous in numerous industries including telecommunications, petrochemical, and manufacturing. ICS are at a high risk of cyber attack given their internet accessibility, inherent lack of security, deployment timelines, and criticality. A unique challenge in ICS security is the prevalence of serial communication buses and other non-TCP/IP communications protocols. The communication protocols used within serial buses often lack authentication and integrity protections, leaving them vulnerable to spoofing and replay attacks. The bandwidth constraints and prevalence of legacy hardware in these systems prevent the use of modern message authentication and …

Enhancing The Battleverse: The People’S Liberation Army’S Digital Twin Strategy, Joshua Baughman

Military Cyber Affairs

No abstract provided.

Operationalizing Deterrence By Denial In The Cyber Domain, Gentry Lane

Military Cyber Affairs

No abstract provided.

What Senior U.S. Leaders Say We Should Know About Cyber, Dr. Joseph H. Schafer

Military Cyber Affairs

On April 6, 2023, the Atlantic Council’s Cyber Statecraft Initiative hosted a panel discussion on the new National Cybersecurity Strategy. The panel featured four senior officials from the Office of the National Cyber Director (ONCD), the Department of State (DoS), the Department of Justice (DoJ), and the Department of Homeland Security (DHS). The author attended and asked each official to identify the most important elements that policymakers and strategists must understand about cyber. This article highlights historical and recent struggles to express cyber policy, the responses from these officials, and the author’s ongoing research to improve national security cyber policy.

The Security And Cyber Defence Realities And Difficulties In Algeria, Kada Aicha

Journal of Police and Legal Sciences

This research paper aims to shed light on the digital challenge faced by Algeria as it enters the world of the knowledge society, which qualifies it to achieve cybersecurity and cyber defense against various forms and types of security threats, including cyber threats. The researcher used an analytical approach to understand the phenomenon under study and trace its causes, in addition to a case study method to study all aspects of the studied phenomenon and identify the characteristics of the case study - Algeria was chosen as the analysis unit. The study concluded several important results, including:

The deficiency of …

An Evaluation Framework For Digital Image Forensics Tools, Zainab Khalid, Sana Qadir

Journal of Digital Forensics, Security and Law

The boom of digital cameras, photography, and social media has drastically changed how humans live their day-to-day, but this normalization is accompanied by malicious agents finding new ways to forge and tamper with images for unlawful monetary (or other) gains. Disinformation in the photographic media realm is an urgent threat. The availability of a myriad of image editing tools renders it almost impossible to differentiate between photo-realistic and original images. The tools available for image forensics require a standard framework against which they can be evaluated. Such a standard framework can aid in evaluating the suitability of an image forensics …

Metasoftware: Building Blocks For Legal Technology, Houman Shadab

Seattle Journal of Technology, Environmental & Innovation Law

This Article develops a novel concept in information technology called “metasoftware.” It then applies the concept of metasoftware to developing legal technology.

Metasoftware enables users to create the software of their choosing and stands in sharp contrast to traditional, functional. Functional software is the default type of software that is currently produced and includes word processing, email, social networking, enterprise resource management, online marketplaces, and video game software. Metasoftware, by contrast, is not functional. Metasoftware presents the user with a blank slate upon which to build functional software.

I argue that software is metasoftware to that extent that (1) it …

Defensive Industrial Policy: Cybersecurity Interventions To Reduce Intellectual Property Theft, Dr. Chad Dacus, Dr. Carl (Cj) Horn

Military Cyber Affairs

Through cyber-enabled industrial espionage, China has appropriated what Keith Alexander, the former Director of the National Security Agency, dubbed “the largest transfer of wealth in history.” Although China disavows intellectual property (IP) theft by its citizens and has set self-sustained research and development as an important goal, it is unrealistic to believe IP theft will slow down meaningfully without changing China’s decision calculus. China and the United States have twice agreed, in principle, to respect one another’s IP rights. However, these agreements have lacked any real enforcement mechanism, so the United States must do more to ensure its IP is …

Enter The Battleverse: China's Metaverse War, Josh Baughman

Military Cyber Affairs

No abstract provided.

A Proportionality-Based Framework For Government Regulation Of Digital Tracing Apps In Times Of Emergency, Sharon Bassan

Dickinson Law Review (2017-Present)

Times of emergency present an inherent conflict between the public interest and the preservation of individual rights. Such times require granting emergency powers to the government on behalf of the public interest and relaxing safeguards against government actions that infringe rights. The lack of theoretical framework to assess governmental decisions in times of emergency leads to a polarized and politicized discourse about potential policies, and often, to public distrust and lack of compliance.

Such a discourse was evident regarding Digital Tracing Apps (“DTAs”), which are apps installed on cellular phones to alert users that they were exposed to people who …

Book Review: This Is How They Tell Me The World Ends: The Cyberweapons Arms Race (2020) By Nicole Perlroth, Amy C. Gaudion

Dickinson Law Review (2017-Present)

No abstract provided.

Deepfakes, Shallowfakes, And The Need For A Private Right Of Action, Eric Kocsis

Dickinson Law Review (2017-Present)

For nearly as long as there have been photographs and videos, people have been editing and manipulating them to make them appear to be something they are not. Usually edited or manipulated photographs are relatively easy to detect, but those days are numbered. Technology has no morality; as it advances, so do the ways it can be misused. The lack of morality is no clearer than with deepfake technology.

People create deepfakes by inputting data sets, most often pictures or videos into a computer. A series of neural networks attempt to mimic the original data set until they are nearly …

Don't Bite The Bait: Phishing Attack For Internet Banking (E-Banking), Ilker Kara

Journal of Digital Forensics, Security and Law

Phishing attacks are based on obtaining desired information from users quickly and easily with the help of misdirecting, panicking, curiosity, or excitement. Most of the phishing web sites are designed on internet banking(e-banking) and the attackers can acquire financial information of misled users with the tactics and discourses they develop. Despite the increase of prevention techniques against phishing attacks day by day, an effective solution could not be found for this issue due to the human factor. Because of this reason, real phishing attack studies are essential to study and analyze the attackers’ attack techniques and strategies. This study focused …

Poland’S Challenge To Eu Directive 2019/790: Standing Up To The Destruction Of European Freedom Of Expression, Michaela Cloutier

Dickinson Law Review (2017-Present)

In 2019, the European Parliament and Council passed Directive 2019/790. The Directive’s passage marked the end of a fouryear- long legislative attempt to impose more liability for copyright violations on Online Service Providers, an effort which was controversial from the start. Online Service Providers fear that the 2019 Directive, especially its Article 17, will completely change the structure of liability on the Internet, forcing providers to adopt expensive content filtering systems. Free speech advocates fear that ineffective filtering technology will infringe upon Internet users’ rights to express themselves, and legal scholars have pointed out the Directive’s inconsistency with prior European …

Fixing Social Media: Toward A Democratic Digital Commons, Michael Kwet

Markets, Globalization & Development Review

In the past few years, big Social Media networks like Facebook, Twitter, and YouTube have received intense scrutiny from the intellectual classes. This article critiques the dominant strain of criticism, the neo-Brandeisian School of antitrust, for its narrow focus on “regulated competition” as an appropriate means to “fix social media”. This essay calls for a socialist alternative: a democratic social media commons based on free and open source technology, decentralization, and democratic socialist legal solutions. It reviews how existing solutions like the Fediverse and LibreSocial work, and how they may provide answers for a better way forward.

From Protecting To Performing Privacy, Garfield Benjamin

The Journal of Sociotechnical Critique

Privacy is increasingly important in an age of facial recognition technologies, mass data collection, and algorithmic decision-making. Yet it persists as a contested term, a behavioural paradox, and often fails users in practice. This article critiques current methods of thinking privacy in protectionist terms, building on Deleuze's conception of the society of control, through its problematic relation to freedom, property and power. Instead, a new mode of understanding privacy in terms of performativity is provided, drawing on Butler and Sedgwick as well as Cohen and Nissenbaum. This new form of privacy is based on identity, consent and collective action, a …

A New Framework For Securing, Extracting And Analyzing Big Forensic Data, Hitesh Sachdev, Hayden Wimmer, Lei Chen, Carl Rebman

Journal of Digital Forensics, Security and Law

Finding new methods to investigate criminal activities, behaviors, and responsibilities has always been a challenge for forensic research. Advances in big data, technology, and increased capabilities of smartphones has contributed to the demand for modern techniques of examination. Smartphones are ubiquitous, transformative, and have become a goldmine for forensics research. Given the right tools and research methods investigating agencies can help crack almost any illegal activity using smartphones. This paper focuses on conducting forensic analysis in exposing a terrorist or criminal network and introduces a new Big Forensic Data Framework model where different technologies of Hadoop and EnCase software are …

Data Protection In Nigeria: Addressing The Multifarious Challenges Of A Deficient Legal System, Roland Akindele

Journal of International Technology and Information Management

This paper provides an overview of the current state of privacy and data protection policies and regulations in Nigeria. The paper contends that the extant legal regime in Nigeria is patently inadequate to effectively protect individuals against abuse resulting from the processing of their personal data. The view is based on the critical analysis of the current legal regime in Nigeria vis-à-vis the review of some vital data privacy issues. The paper makes some recommendations for the reform of the law.

A Forensic Email Analysis Tool Using Dynamic Visualization, Johannes Stadlinger, Andreas Dewald

Journal of Digital Forensics, Security and Law

Communication between people counts to the most important information of today’s business. As a result, in case of forensic investigations in big companies, analysis of communication data in general and especially email, as the still most widely used business communication platform with an immense and still growing volume, is a typical task in digital forensics. One of the challenges is to identify the relevant communication partners and structures in the suspects surrounding as quickly as possible in order to react appropriately and identify further targets of evaluation. Due to the amount of emails in typical inboxes, reading through all the …

Find Me If You Can: Mobile Gps Mapping Applications Forensic Analysis & Snavp The Open Source, Modular, Extensible Parser, Jason Moore, Ibrahim Baggili, Frank Breitinger

Journal of Digital Forensics, Security and Law

The use of smartphones as navigation devices has become more prevalent. The ubiquity of hand-held navigation devices such as Garmins or Toms Toms has been falling whereas the ownership of smartphones and their adoption as GPS devices is growing. This work provides a comprehensive study of the most popular smartphone mapping applications, namely Google Maps, Apple Maps, Waze, MapQuest, Bing, and Scout, on both Android and iOS. It details what data was found, where it was found, and how it was acquired for each application. Based on the findings, the work allowed for the construction of a tool capable of …

Compression Of Virtual-Machine Memory In Dynamic Malware Analysis, James E. Fowler Ph.D.

Journal of Digital Forensics, Security and Law

Lossless compression of memory dumps from virtual machines that run malware samples is considered with the goal of significantly reducing archival costs in dynamic-malware-analysis applications. Given that, in such dynamic-analysis scenarios, malware samples are typically run in virtual machines just long enough to activate any self-decryption or other detection- avoidance maneuvers, the virtual-machine memory typically changes little from that of the baseline state, with the difference being attributable in large degree to the loading of additional executables and libraries. Consequently, delta coding is proposed to compress the current virtual-machine memory dump by coding its differences with respect to a predicted …

Table Of Contents

Journal of Digital Forensics, Security and Law

No abstract provided.

Front Matter

Journal of Digital Forensics, Security and Law

No abstract provided.