Computer Engineering Commons^™

Using Software-Based Decision Procedures To Control Instruction-Level Execution, William B. Kimball

AFIT Patents

An apparatus, method and program product are provided for securing a computer system. A digital signature of an application is checked, which is loaded into a memory of the computer system configured to contain memory pages. In response to finding a valid digital signature, memory pages containing instructions of the application are set as executable and memory pages other than those containing instructions of the application are set as non-executable. Instructions in executable memory pages are executed. Instructions in non-executable memory pages are prevented from being executed. A page fault is generated in response to an attempt to execute an …

Trajectory Privacy Preservation In Mobile Wireless Sensor Networks, Xinyu Jin

FIU Electronic Theses and Dissertations

In recent years, there has been an enormous growth of location-aware devices, such as GPS embedded cell phones, mobile sensors and radio-frequency identification tags. The age of combining sensing, processing and communication in one device, gives rise to a vast number of applications leading to endless possibilities and a realization of mobile Wireless Sensor Network (mWSN) applications. As computing, sensing and communication become more ubiquitous, trajectory privacy becomes a critical piece of information and an important factor for commercial success. While on the move, sensor nodes continuously transmit data streams of sensed values and spatiotemporal information, known as ``trajectory information". …

A Forward-Secure Certificate-Based Signature Scheme, Jiguo Li, Huiyun Teng, Xinyu Huang, Yichen Zhang, Jianying Zhou

Faculty Publications

Cryptographic computations are often carried out on insecure devices for which the threat of key exposure raises a serious concern. In an effort to address the key exposure problem, the notion of forward security was first presented by Günther in 1990. In a forward-secure scheme, secret keys are updated at regular periods of time; exposure of the secret key corresponding to a given time period does not enable an adversary to ‘break’ the scheme for any prior time period. In this paper, we first introduce forward security into certificate-based cryptography and define the security model of forward-secure certificate-based signatures (CBSs). …

Forensic Analysis Of Social Networking Applications On Mobile Devices, Noora Al Mutawa, Ibrahim Baggili, Andrew Marrington

Electrical & Computer Engineering and Computer Science Faculty Publications

The increased use of social networking applications on smartphones makes these devices a goldmine for forensic investigators. Potential evidence can be held on these devices and recovered with the right tools and examination methods. This paper focuses on conducting forensic analyses on three widely used social networking applications on smartphones: Facebook, Twitter, and MySpace. The tests were conducted on three popular smartphones: BlackBerrys, iPhones, and Android phones. The tests consisted of installing the social networking applications on each device, conducting common user activities through each application, acquiring a forensically sound logical image of each device, and performing manual forensic analysis …

Ipad2 Logical Acquisition: Automated Or Manual Examination?, Somaya Ali, Sumaya Alhosani, Farah Alzarooni, Ibrahim Baggili

Electrical & Computer Engineering and Computer Science Faculty Publications

Due to their usage increase worldwide, iPads are on the path of becoming key sources of digital evidence in criminal investigations. This research investigated the logical backup acquisition and examination of the iPad2 device using the Apple iTunes backup utility while manually examining the backup data (manual examination) and automatically parsing the backup data (Lantern software-automated examination).The results indicate that a manual examination of the logical backup structure from iTunes reveals more digital evidence, especially if installed application data is required for an investigation. However, the researchers note that if a quick triage is needed of an iOS device, then …

Cat Detect (Computer Activity Timeline Detection): A Tool For Detecting Inconsistency In Computer Activity Timelines, Andrew Marrington, Ibrahim Baggili, George Mohay, Andrew Clark

Electrical & Computer Engineering and Computer Science Faculty Publications

The construction of timelines of computer activity is a part of many digital investigations. These timelines of events are composed of traces of historical activity drawn from system logs and potentially from evidence of events found in the computer file system. A potential problem with the use of such information is that some of it may be inconsistent and contradictory thus compromising its value. This work introduces a software tool (CAT Detect) for the detection of inconsistency within timelines of computer activity. We examine the impact of deliberate tampering through experiments conducted with our prototype software tool. Based on the …

Survey On Cloud Forensics And Critical Criteria For Cloud Forensic Capability: A Preliminary Analysis, Keyun Ruan, Ibrahim Baggili, Joe Carthy, Tahar Kechadi

Electrical & Computer Engineering and Computer Science Faculty Publications

In this paper we present the current results and analysis of the survey “Cloud forensics and critical criteria for cloud forensic capability” carried out towards digital forensic experts and practitioners. This survey was created in order to gain a better understanding on some of the key questions of the new field - cloud forensics - before further research and development. We aim to understand concepts such as its definition, the most challenging issues, most valuable research directions, and the critical criteria for cloud forensic capability.

Iphone 3gs Forensics: Logical Analysis Using Apple Itunes Backup Utility, Mona Bader, Ibrahim Baggili

Electrical & Computer Engineering and Computer Science Faculty Publications

The iPhone mobile is used worldwide due to its enhanced computing capabilities, increased storage capacity as well as its attractive touch interface. These characteristics made the iPhone a popular smart phone device. The increased use of the iPhone lead it to become a potential source of digital evidence in criminal investigations. Therefore, iPhone forensics turned into an essential practice for forensic and security practitioners today. This research aimed at investigating and examining the logical backup acquisition of the iPhone 3GS mobile device using the Apple iTunes backup utility. It was found that significant data of forensic value such as e-mail …

Generating System Requirements For A Mobile Digital Evidence Collection System: A Preliminary Step Towards Enhancing The Forensic Collection Of Digital Devices, Ibrahim Baggili

Electrical & Computer Engineering and Computer Science Faculty Publications

Collecting digital devices in a forensically sound manner is becoming more critical since 80% of all cases have some sort of digital evidence involved in them (Rogers, 2006, p. 1) .The process of documenting and tagging digital devices is cumbersome and involves details that might not apply to other types of evidence, since each evidence item has unique physical characteristics (Hesitis & Wilbon, 2005, p. 17). The process becomes less manageable when a large number of digital devices are seized. This paper examines the information and issues investigators should be aware of when collecting digital devices at crime scenes. Furthermore, …

Security In Ad Hoc Networks And Pervasive Computing, Isaac Z. Wu, X.-Y. Li, M. Song, C.-M. Liu

Electrical & Computer Engineering Faculty Publications

Pervasive computing is an exciting and blooming research field, in which innovative techniques and applications are continuously emerging and aim to provide ambient and personalized services to users with high quality. Ad hoc networks are wireless, self-organizing systems formed by cooperating nodes within communication range of each other that form temporary networks. Their topology is dynamic, decentralized, ever changing and the nodes may move around arbitrarily. The last few years have witnessed a wealth of research ideas on ad hoc networking that are moving rapidly into implemented standards. Technology under development for ad hoc networks and pervasive computing is making …

Self-Reported Cyber Crime: An Analysis On The Effects Of Anonymity And Pre-Employment Integrity, Ibrahim Baggili, Marcus Rogers

Electrical & Computer Engineering and Computer Science Faculty Publications

A key issue facing today’s society is the increase in cyber crimes. Cyber crimes pose threats to nations, organizations and individuals across the globe. Much of the research in cyber crime has risen from computer science-centric programs, and little experimental research has been performed on the psychology of cyber crime. This has caused a knowledge gap in the study of cyber crime. To this end, this research focuses on understanding psychological concepts related to cyber crime. Through an experimental design, participants were randomly assigned to three groups with varying degrees of anonymity. After each treatment, participants were asked to self-report …

Multicast Encryption Infrastructure For Security In Sensor Networks, Richard R. Brooks, Brijesh Pillai, Matthew Pirretti, Michele C. Weigle

Computer Science Faculty Publications

Designing secure sensor networks is difficult. We propose an approach that uses multicast communications and requires fewer encryptions than pairwise communications. The network is partitioned into multicast regions; each region is managed by a sensor node chosen to act as a keyserver. The keyservers solicit nodes in their neighborhood to join the local multicast tree. The keyserver generates a binary tree of keys to maintain communication within the multicast region using a shared key. Our approach supports a distributed key agreement protocol that identifies the compromised keys and supports membership changes with minimum system overhead. We evaluate the overhead of …

An Ad Hoc Adaptive Hashing Technique For Non-Uniformly Distributed Ip Address Lookup In Computer Networks, Christopher Martinez, Wei-Ming Lin

Electrical & Computer Engineering and Computer Science Faculty Publications

Hashing algorithms have been widely adopted for fast address look-up, which involves a search through a database to find a record associated with a given key. Hashing algorithms transforms a key into a hash value hoping that the hashing renders the database a uniform distribution with respect to the hash value. The closer to uniform hash values, the less search time required for a query. When the database is key-wise uniformly distributed, any regular hashing algorithm (bit-extraction, bit-group XOR, etc.) leads to a statistically perfect uniform hash distribution. When the database has keys with a non-uniform distribution, performance of regular …

Stackguard: Automatic Adaptive Detection And Prevention Of Buffer-Overflow Attacks, Crispin Cowan, Calton Pu, David Maier, Heather Hinton, Jonathan Walpole, Peat Bakke, Steve Beattie, Aaron Grier, Perry Wagle, Qian Zhang

Computer Science Faculty Publications and Presentations

This paper presents a systematic solution to the persistent problem of buffer overflow attacks. Buffer overflow attacks gained notoriety in 1988 as part of the Morris Worm incident on the Internet. While it is fairly simple to fix individual buffer overflow vulnerabilities, buffer overflow attacks continue to this day. Hundreds of attacks have been discovered, and while most of the obvious vulnerabilities have now been patched, more sophisticated buffer overflow attacks continue to emerge.

We describe StackGuard: a simple compiler technique that virtually eliminates buffer overflow vulnerabilities with only modest performance penalties. Privileged programs that are recompiled with the StackGuard …

A Specialization Toolkit To Increase The Diversity Of Operating Systems, Calton Pu, Andrew P. Black, Crispin Cowan, Jonathan Walpole, Charles Consel

Computer Science Faculty Publications and Presentations

Virus and worm attacks that exploit system implementation details can be countered with a diversified set of implementations. Furthermore, immune systems show that attacks from previously unknown organisms require effective dynamic response. In the Synthetix project, we have been developing a specialization toolkit to improve the performance of operating system kernels. The toolkit helps programmers generate and manage diverse specialized implementations of software modules. The Tempo-C specializer tool generates different versions for both compile-time and run-time specialization. We are now adapting the toolkit to improve operating system survivability against implementations attacks.