Open Access. Powered by Scholars. Published by Universities.®
Physical Sciences and Mathematics Commons™
Open Access. Powered by Scholars. Published by Universities.®
Articles 1 - 26 of 26
Full-Text Articles in Physical Sciences and Mathematics
Information Security Surveys: A Review Of The Methodologies, The Critics And A Pragmatic Approach To Their Purposes And Usage, Alexis Guillot, Sue Kennedy
Information Security Surveys: A Review Of The Methodologies, The Critics And A Pragmatic Approach To Their Purposes And Usage, Alexis Guillot, Sue Kennedy
Australian Information Security Management Conference
Each year the latest information security surveys are released to the computing and business communities. Often their findings and their methodologies are subject to criticism from the information security community, professional bodies and others in the profession. This paper looks at the viewpoints of both the producers and the critics of the surveys. The criticisms cover such issues as the methodologies, the response rates, the experience of the respondents, the design of the questions and the interpretation of the results. This paper looks at these issues and discusses the validity of these criticisms, the impact of the surveys and their …
Network Security – Is Ip Telephony Helping The Cause?, Paul Hansen, Andrew Woodward
Network Security – Is Ip Telephony Helping The Cause?, Paul Hansen, Andrew Woodward
Australian Information Security Management Conference
The major players in the Public Branch Exchange (PBX) market are moving rapidly towards the implementation of IP Telephony. What will be the effect on network security overall? Will the push to IP Telephony damage the good work already devoted to security networks? As more doorways open up on our networks there is an increased chance we have opened another unseen vector for hackers and other malicious organisation or individuals to access the data stored on server and users workstations, corrupting that data or destroying it. Is it better from a security perspective to have IP telephony only between PBX …
A Comprehensive Firewall Testing Methodology, Murray Brand
A Comprehensive Firewall Testing Methodology, Murray Brand
Australian Information Security Management Conference
This paper proposes an all encompassing test methodology for firewalls. It extends the life cycle model to revisit the major phases of the life cycle after a firewall is in service as foundations for the tests. The focus of the tests is to show that the firewall is, or isn’t, still fit for purpose. It also focuses on the traceability between business requirements through to policy, rule sets, physical design, implementation, egress and ingress testing, monitoring and auditing. The guidelines are provided by a Test and Evaluation Master Plan (TEMP). The methodology is very much process driven and in keeping …
Increasing Security In The Physical Layer Of Wireless Communication, Luke Golygowski
Increasing Security In The Physical Layer Of Wireless Communication, Luke Golygowski
Australian Information Security Management Conference
This paper introduces a concept of increasing securing in the Physical layer (PHY) of wireless communication. It gives a short description of current status of wireless standards and their security. Despite the existence of advanced security protocols such as IEEE 802.11i or WLAN VPNs, wireless networks still remain vulnerable to denial-of-service (DoS) attacks aiming at PHY and Data Link Layers. The new solution challenges the problems with the currently defined PHY and Data Link layers. The concept introduced here, holds a promise of descending with some of the security measures to the lower layers of the TCP/IP and in this …
Network Security Devices And Protocols Using State Model Diagrams, C. Nuangjamnong, D. Veal, S. P. Maj
Network Security Devices And Protocols Using State Model Diagrams, C. Nuangjamnong, D. Veal, S. P. Maj
Australian Information Security Management Conference
Network security is concerned with protecting sensitive information, limiting unauthorised access, and reinforcing network performance. An important factor in network security is encryption. Internet Security Protocol (IPSec) is the de facto open standard for encryption and replaces the older Cisco Encryption Technology (CET). Both encryption protocols are typically implemented and managed using the text based Command Line Interface (CLI). A graphical user interface (GUI) is available; however, it is not routinely used. Regardless of whether the CLI or GUI is used, both encryption suites are complex to implement and manage. State Model Diagrams (SMDs) were developed and successfully used as …
Securing Voip: A Framework To Mitigate Or Manage Risks, Peter James, Andrew Woodward
Securing Voip: A Framework To Mitigate Or Manage Risks, Peter James, Andrew Woodward
Australian Information Security Management Conference
In Australia, the past few years have seen Voice over IP (VoIP) move from a niche communications medium used by organisations with the appropriate infrastructure and capabilities to a technology that is available to any one with a good broadband connection. Driven by low cost and no cost phone calls, easy to use VoIP clients and increasingly reliable connections, VoIP is replacing the Public Switch Telephone Network (PSTN) in a growing number of households. VoIP adoption appears to be following a similar path to early Internet adoption, namely little awareness by users of the security implications. Lack of concern about …
The Need For A Security/Privacy Model For The Health Sector In Ghana, James Tetteh Ami-Narh, Patricia A. Williams
The Need For A Security/Privacy Model For The Health Sector In Ghana, James Tetteh Ami-Narh, Patricia A. Williams
Australian Information Security Management Conference
Many developing countries around the world are faced with the dilemma “brain-drain” as their healthcare professionals seek better economic opportunities in other countries. This problem is compounded by a lack of robust healthcare infrastructure requiring substantive improvements to bring them up to date. This impacts a countries ability to understand morbidity and mortality patterns which impact health care policy and program planning. The lack of IT infrastructure also negatively affects the safety, quality, and efficiency of health care delivery in these countries. Ghana is faced with this precise set of circumstances as it struggles to adopt policies to overcome these …
The Phantasm Of Atm Withdrawal, Nattakant Utakrit
The Phantasm Of Atm Withdrawal, Nattakant Utakrit
Australian Information Security Management Conference
Despite the stringent legislation and increased enforcement aimed at combating financial crime, fraud using cash machines remains a public concern. The problem of ATM fraud is happening on a global scale and the ramifications have been felt in Australia. This paper highlights the stratagems of financial crime, in particular of ATM fraud. The abuse of ATMs with intelligent methods used by perpetrators will be discussed. At the same time, the paper will present some global cases of ATM fraud. Finally this paper will illustrate countermeasures and security methods, such as biometrics and premises protections of banks, financial institutions and customers, …
Importance Of Verification And Validation Of Data Sources In Attaining Information Superiority, Gautham Kasinath, Leisa Armstrong
Importance Of Verification And Validation Of Data Sources In Attaining Information Superiority, Gautham Kasinath, Leisa Armstrong
Australian Information Security Management Conference
Information superiority has been defined as a state that is achieved when a competitive advantage is derived from the ability to exploit a superior information position. To achieve such a superior information position enterprises and nations, alike, must not only collect and record correct, accurate, timely and useful information but also ensure that information recorded is not lost to competitors due to lack of comprehensive security and leaks. Further, enterprises that aim to attain information superiority must also ensure mechanisms of validating and verifying information to reduce the chances of mis-information. Although, research has been carried out into ways to …
The Need For An Investigation Into Possible Security Threats Associated With Sql Based Emr Software, Lee Heinke
The Need For An Investigation Into Possible Security Threats Associated With Sql Based Emr Software, Lee Heinke
Australian Information Security Management Conference
An increasing amount of E-health software packages are being bundled with Standard Query Language (SQL) databases as a means of storing Electronic Medical Records (EMR’s). These databases allow medical practitioners to store, change and maintain large volumes of patient information. The software that utilizes these databases pulls data directly from fields within the database based on standardized query statements. These query statements use the same methods as web-based applications to dynamically pull data from the database so it can be manipulated by the Graphical User Interface (GUI). This paper proposes a study for an investigation into the susceptibility of popular …
Analysis Of Pki As A Means Of Securing Odf Documents, Gautham Kasinath, Leisa Armstrong
Analysis Of Pki As A Means Of Securing Odf Documents, Gautham Kasinath, Leisa Armstrong
Australian Information Security Management Conference
Public Key Infrastructure (PKI) has for the last two decades been a means of securing systems and communication. With the adoption of Open Document Format (ODF) as an ISO standard, the question remains if the unpopular, expensive, complex and unmaintainable PKI can prove to be a viable means of securing ODF documents. This paper analyses the drawbacks of PKI and evaluates the usefulness of PKI in provisioning robust, cheap and maintainable XML security to XML based ODF. This paper also evaluates the existing research on XML security, more specifically fine grained access control.
Medical Identity Theft – Not Feeling Like Yourself?, Darren Webb
Medical Identity Theft – Not Feeling Like Yourself?, Darren Webb
Australian Information Security Management Conference
Hospital and general practice healthcare providers today rely heavily on the information and communication technologies they employ to provide access to patient and associated data. The continuing migration to wireless means of data transfer has afforded system users more convenient and timely access to information via the use of 802.11 based wireless network capable devices. Through the increased digital connectivity of these internet and wireless based networks, new avenues of criminal activity such as medical identity theft have been steadily increasing as malicious individuals and organisations seek to abuse the digital ubiquity of the electronic medical record. The increased need …
Taxonomy Of Iphone Activation And Sim Unlocking Methods, Marwan Al-Zarouni, Haitham Al-Hajri
Taxonomy Of Iphone Activation And Sim Unlocking Methods, Marwan Al-Zarouni, Haitham Al-Hajri
Australian Information Security Management Conference
This paper will discuss the different methods of SIM unlocking and activation for the Apple iPhone. Early iPhone activation and SIM card fabrication methods as well as the latest software only methods will be discussed. The paper will examine the benefits and drawbacks of each method. It will provide a step-by-step guide to creating a specially crafted SIM card for an iPhone by using Super SIM and Turbo SIM methods. The paper will also include a section on recovering (unbricking) the iPhone and other advanced hacks
Managing Analysis, David Shaw
Managing Analysis, David Shaw
Australian Information Warfare and Security Conference
The Intelligence profession requires effective management to function properly and professional discourse highlights the changing nature of intelligence work. Highlighted “failures” are linked to organizational structures and ethos, and proposals to address the problems include discussion of human and organizational factors with recommendations that address the issues. However, optimising the intelligence process may not be a simple case of applying management techniques as the work relies substantially on individual endeavour. Innovative management techniques are needed and these should be grounded in recognising the peculiar nature of analysis and the skill set required.
An Approach In Identifying And Tracing Back Spoofed Ip Packets To Their Sources, Krishnun Sansurooah
An Approach In Identifying And Tracing Back Spoofed Ip Packets To Their Sources, Krishnun Sansurooah
Australian Digital Forensics Conference
With internet expanding in every aspect of businesses infrastructure, it becomes more and more important to make these businesses infrastructures safe and secure to the numerous attacks perpetrated on them conspicuously when it comes to denial of service (DoS) attacks. A Dos attack can be summarized as an effort carried out by either a person or a group of individual to suppress a particular outline service. This can hence be achieved by using and manipulating packets which are sent out using the IP protocol included into the IP address of the sending party. However, one of the major drawbacks is …
Mood 300 Iptv Decoder Forensics, An Hilven
Mood 300 Iptv Decoder Forensics, An Hilven
Australian Digital Forensics Conference
Since June 2005, viewers in Belgium can get access digital TV or IPTV available via ADSL through Belgacom, the largest telecommunications provider in the country. The decoders used to enjoy these services are the Mood 300 series from Tilgin (formerly i3 Micro Technology). As of the Mood 337, the decoders contain a hard disk to enable the viewer to record and pause TV programs. Although it is publicly known that the Mood’s hard disk is used to save recorded and paused TV programs, it was still unknown if it contains any data that could be of interest during a forensic …
Tracing Usb Device Artefacts On Windows Xp Operating System For Forensic Purpose, Victor Chileshe Luo
Tracing Usb Device Artefacts On Windows Xp Operating System For Forensic Purpose, Victor Chileshe Luo
Australian Digital Forensics Conference
On Windows systems several identifiers are created when a USB device is plugged into a universal serial bus. Some of these artefacts or identifiers are unique to the device and consistent across different Windows platforms as well as other operating systems such as Linux. Another key factor that makes these identifiers forensically important is the fact that they are traceable even after the system has been shut down. Hence they can be used in forensic investigations to identify specific devices that have been connected to the system in question
Introduction To Mobile Phone Flasher Devices And Considerations For Their Use In Mobile Phone Forensics, Marwan Al-Zarouni
Introduction To Mobile Phone Flasher Devices And Considerations For Their Use In Mobile Phone Forensics, Marwan Al-Zarouni
Australian Digital Forensics Conference
The paper gives an overview of mobile phone flasher devices and their use for servicing mobile phones, their illegitimate uses and their use in mobile phone forensics. It discusses the different varieties of flasher devices and the differences between them. It also discusses the shortcomings of conventional mobile forensics software and highlights the need for the use of flasher devices in mobile forensics to compensate for the shortcomings. The paper then discusses the issues with the use of flasher devices in mobile forensics and precautions and considerations of their use. The paper goes further to suggest means of testing the …
The Effectiveness Of Investigative Tools For Secure Digital (Sd) Memory Card Forensics, Haitham Al-Hajri, Patricia Williams
The Effectiveness Of Investigative Tools For Secure Digital (Sd) Memory Card Forensics, Haitham Al-Hajri, Patricia Williams
Australian Digital Forensics Conference
There are many freeware based tools that can be downloaded from the World Wide Web. This paper reports the retrieval results of using these tools on digital images which have been deleted from Secure Digital (SD) cards. Since SD cards and USB flash drives are considered solid state technology, the tools selected are specifically for solid state drives. This research helps classify the selection of the most effective freeware tools that could be used to recover lost or deleted images. Further, it includes some of the issues that would face forensic examiners undertaking such investigations. The tools were tested using …
An Overview And Examination Of Digital Pda Devices Under Forensics Toolkits, Krishnun Sansurooah
An Overview And Examination Of Digital Pda Devices Under Forensics Toolkits, Krishnun Sansurooah
Australian Digital Forensics Conference
Personal Digital Assistants most commonly known as PDAs are becoming more and more fashionable and affordable in the working environment. With the advent and rapidly increasing technology these handled devices are now targeted by a lot of person with criminal intentions. But unfortunately crime does not choose its technology and nowadays those ultra light handhelds are getting more and more involved in crimes. This therefore become an onerous task for the forensics examiners who needs the proper forensics tools to investigate the information held on these devices. The purpose of this report will browse the current forensics toolkits available and …
Forensic Analysis Avoidance Techniques Of Malware, Murray Brand
Forensic Analysis Avoidance Techniques Of Malware, Murray Brand
Australian Digital Forensics Conference
Anti-forensic techniques are increasingly being used by malware writers to avoid detection and analysis of their malicious code. Penalties for writing malware could include termination of employment, fines or even, imprisonment. Malware writers are motivated not to get caught and are actively using subversive techniques to avoid forensic analysis. Techniques employed include obfuscation, anti-disassembly, encrypted and compressed data, data destruction and anti-debugging. Automated detection and classification work is progressing in this field. This includes analysing statistical structures such as assembly instructions, system calls, system dependence graphs and classification through machine learning.
A Proof-Of-Concept Project For Utilizing U3 Technology In Incident Response, Marwan Al-Zarouni, Haitham Al-Hajri
A Proof-Of-Concept Project For Utilizing U3 Technology In Incident Response, Marwan Al-Zarouni, Haitham Al-Hajri
Australian Digital Forensics Conference
This paper discusses the importance of live forensics and the use of an automated USB based smart data gathering technology to be used in incident response. The paper introduces the technology and its application in incidence response as well as highlight how it works. It also explains the tools that it uses to gather the live data from target systems. The paper also highlights some of the advantages and disadvantages of the technology as will as its limitations. The paper concludes with mentioning the importance of testing the tool and ways it can be developed and taken further.
A Forensically Tested Tool For Identification Of Notebook Computers To Aid Recovery: Liars Phase I Proof Of Concept, Peter Hannay, Andrew Woodward, Nic Cope
A Forensically Tested Tool For Identification Of Notebook Computers To Aid Recovery: Liars Phase I Proof Of Concept, Peter Hannay, Andrew Woodward, Nic Cope
Australian Digital Forensics Conference
The LIARS tool was designed to enable identification, and potentially the return, to the rightful owner of stolen laptop or notebook computers. Many laptops are discovered by Police, but time constraints prevent recovered devices from being identified. This project has produced a proof of concept tool which can be used by virtually any police officer, or other investigator, which does not alter the hard drive in any fashion. The tool uses a modified version of the chntpw software, and is based on a forensically tested live Linux CD. The tool examines registry hives for known location of keys which may …
Importance Of Verification And Validation Of Data Sources In Attaining Information Superiority, Gautham Kasinath, Leisa J. Armstrong
Importance Of Verification And Validation Of Data Sources In Attaining Information Superiority, Gautham Kasinath, Leisa J. Armstrong
Research outputs pre 2011
Information superiority has been defined as a state that is achieved when a competitive advantage is derived from the ability to exploit a superior information position. To achieve such a superior information position enterprises and nations, alike, must not only collect and record correct, accurate, timely and useful information but also ensure that information recorded is not lost to competitors due to lack of comprehensive security and leaks. Further, enterprises that aim to attain information superiority must also ensure mechanisms of validating and verifying information to reduce the chances of mis-information. Although, research has been carried out into ways to …
Analysis Of Pki As A Means Of Securing Odf Documents, Gautham Kasinath, Leisa J. Armstrong
Analysis Of Pki As A Means Of Securing Odf Documents, Gautham Kasinath, Leisa J. Armstrong
Research outputs pre 2011
Public Key Infrastructure (PKI) has for the last two decades been a means of securing systems and communication. With the adoption of Open Document Format (ODF) as an ISO standard, the question remains if the unpopular, expensive, complex and unmaintainable PKI can prove to be a viable means of securing ODF documents. This paper analyses the drawbacks of PKI and evaluates the useji.tlness of PKl in provisioning robust, cheap and maintainable XML security to XML based ODF. This paper also evaluates the existing research on XML security, more specifically fine grained access control.
Triangulation Based Static Wide Angle Laser Scanning For Obstacle Detection, Kaveh Sahba, Kamal Alameh, Clifton Smith
Triangulation Based Static Wide Angle Laser Scanning For Obstacle Detection, Kaveh Sahba, Kamal Alameh, Clifton Smith
Research outputs pre 2011
This paper demonstrates discrete laser spot projection over a wide angle using a novel cylindrical quasi-cavity waveguide, with no moving parts. Furthermore, the distance to each spot is calculated using active laser triangulation. The triangulation arrangement and the trajectory of principal rays are modelled using a system of linear equations based on optical geometry. Linear algebra is used to derive the unique baseline and outgoing angle of every projected beam. The system is calibrated by finding optimal values for uncertain instrumental parameters using constrained non-linear optimization. Distances calculated indoors result in accuracies of over 93%