Open Access. Powered by Scholars. Published by Universities.®

Physical Sciences and Mathematics Commons

Articles 1 - 30 of 36

Full-Text Articles in Physical Sciences and Mathematics

Gradient Descent Localization In Wireless Sensor Networks, Nuha A.S. Alwan, Zahir M. Hussain Oct 2017

Research outputs 2014 to 2021

Meaningful information sharing between the sensors of a wireless sensor network (WSN) necessitates node localization, especially if the information to be shared is the location itself, such as in warehousing and information logistics. Trilateration and multilateration positioning methods can be employed in two-dimensional and three-dimensional space respectively. These methods use distance measurements and analytically estimate the target location; they suffer from decreased accuracy and computational complexity especially in the three-dimensional case. Iterative optimization methods, such as gradient descent (GD), offer an attractive alternative and enable moving target tracking as well. This chapter focuses on positioning in three dimensions using time-of-arrival …


A Novel Privacy Preserving User Identification Approach For Network Traffic, Nathan Clarke, Fudong Li, Steven Furnell Sep 2017

Research outputs 2014 to 2021

The prevalence of the Internet and cloud-based applications, alongside the technological evolution of smartphones, tablets and smartwatches, has resulted in users relying upon network connectivity more than ever before. This results in an increasingly voluminous footprint with respect to the network traffic that is created as a consequence. For network forensic examiners, this traffic represents a vital source of independent evidence in an environment where anti-forensics is increasingly challenging the validity of computer-based forensics. Performing network forensics today largely focuses upon an analysis based upon the Internet Protocol (IP) address – as this is the only characteristic available. More typically, …


A Feature-Based Structural Measure: An Image Similarity Measure For Face Recognition, Noor A. Shnain, Zahir Hussain, Song F. Lu Aug 2017

Research outputs 2014 to 2021

Facial recognition is one of the most challenging and interesting problems within the field of computer vision and pattern recognition. During the last few years, it has gained special attention due to its importance in relation to current issues such as security, surveillance systems and forensics analysis. Despite this high level of attention to facial recognition, the success is still limited by certain conditions; there is no method which gives reliable results in all situations. In this paper, we propose an efficient similarity index that resolves the shortcomings of the existing measures of feature and structural similarity. This measure, called …


A Compact, Flexible Fiber-Optic Surface Plasmon Resonance Sensor With Changeable Sensor Chips, David Michel, Feng Xiao, Kamal Alameh Jul 2017

Research outputs 2014 to 2021

We propose and demonstrate the concept of a novel compact, flexible fiber optic Surface Plasmon Resonance (SPR) sensor based on a double-pass Kretschmann-type configuration, where the SPR sensor chip can be replaced for various sensing applications. Simulation and experimental results demonstrate that the proposed fiber-optic SPR structure has a sensitivity to salt concentration of around 4.8 μW/ppt.


A Sri Lankan Hacking Case Study, Ishan Senarathna, Matthew Warren Jan 2017

Australian Information Security Management Conference

The aim of the paper is to consider how hacking could impact a country that had historically experienced major cyber-attacks. The aim of the paper is to explore a cyber incident that occurred against the Sri Lankan president and how Sri Lankan authorities reacted to the incident. The paper will focus upon the motivations of the attack, the impact of the attack and how Sri Lankan authorities reacted to the situation.


Evaluating IP Surveillance Camera Vulnerabilities, Brian Cusack, Zhuang Tian Jan 2017

Australian Information Security Management Conference

Hacking of IP surveillance camera systems came to public attention in 2016 when the high bandwidth and resources were exploited for a massive DDoS attack that affected one third of all US Internet services. A review of previous studies shows that a vast number of IP cameras have been hacked because the default usernames and passwords have not been changed from the factory defaults. In this research we asked, What are the vulnerabilities of an IP surveillance camera? The purpose of the study was to provide identification of vulnerabilities and guidance for the protection of surveillance camera systems. The research …


Neurosecurity For Brainware Devices, Brian Cusack, Kaushik Sundararajan, Reza Khaleghparast Jan 2017

Australian Information Security Management Conference

Brainware has a long history of development down into the present day where very simple and usable devices are available to train for the control of games and services. One of the big areas of application has been in the health sciences to provide compensatory control to humans who may lack the usual capabilities. Our concern has been the protection of information in brainware so that a human intention may have confidentiality, integrity, and accessibility to the required implementation mechanisms for services. The research question was: What are the consequences of security failure in brainware? Our research tested a brainware …


The 2017 Homograph Browser Attack Mitigation Survey, Tyson Mcelroy, Peter Hannay, Greg Baatard Jan 2017

Australian Information Security Management Conference

Since their inception, International Domain Names (IDN) have allowed for non-Latin characters to be entered into domain names. This feature has led to attackers forging malicious domains which appear identical to the Latin counterpart. This is achieved through using non-Latin characters which appear identical to their Latin counterpart. This attack is referred to as a Homograph attack. This research continues the work of Hannay and Bolan (2009), and Hannay and Baatard (2012), which assessed the mitigation methods incorporated by web browsers in mitigating IDN homograph attacks. Since these works, IDN mitigation algorithms have been altered, such as the one …


Core Elements In Information Security Accountability In The Cloud, Zahir Al-Rashdi, Martin Dick, Ian Storey Jan 2017

Australian Information Security Management Conference

This paper proposes 9 core elements of information security accountability in the area of cloud computing. The core elements were determined via a series of 18 case studies with Omani government organisations that were actively using and/or providing cloud computing. 36 interviews were conducted and then analysed using a grounded theory methodology. As a result of the analysis, responsibility, transparency, assurance, remediation, accountability support environment, flexible change process, collaboration, mechanisms and commitment to external criteria. The research also found that the emphasis on specific core elements is context-dependent and that there was considerable variation in emphasis amongst the case study …


The Convergence Of IT And OT In Critical Infrastructure, Glenn Murray, Michael N. Johnstone, Craig Valli Jan 2017

Australian Information Security Management Conference

Automation and control systems, such as SCADA (Supervisory Control and Data Acquisition) and DCS (Distributed Control Systems), are often referred to as Operational Technology (OT). These systems are used to monitor and control critical infrastructures such as power, pipelines, water distribution, sewage systems and production control. Traditionally, these OT systems have had a degree of physical separation from Information Technology (IT) infrastructures. With changing technologies and a drive towards data-driven and remote operations the two technology environments are starting to converge. With this convergence, what was a relatively standalone secure and isolated environment is now connected and accessible via the …


Security Readiness Evaluation Framework For Tonga E-Government Initiatives, Raymond Lutui, Semisi Hopoi, Siaosi Maeakafa Jan 2017

Australian Information Security Management Conference

The rapid expansion of the Information and Communication Technologies (ICTs) in the Pacific has reached the Kingdom of Tonga. The submarine fibre-optic cable which connects Tonga to Fiji and onward to a hub in Sydney went live in 2013. Now the people of Tonga experience the high-speed impact of digital communication, fast international access, and social changes such as the government is implementing a digital society through e-government services. This study focuses on identifying the factors that will later become a vulnerability and a risk to the security of Tonga government e-government initiatives. Data was collected through interviews with three government …


Assessment Of Security Vulnerabilities In Wearable Devices, Brian Cusack, Bryce Antony, Gerard Ward, Shaunak Mody Jan 2017

Australian Information Security Management Conference

Wearable devices have proliferated in usage and human experience, and they provide convenience for personal information requirements. These devices are both sensory and immersive for the diverse global network that is generally termed the Internet of things (IoT). The immediacy of the two-way communication created in the IoT has made vulnerable human behaviour and raised debate around information ownership and privacy expectations. The legitimacy of ownership of information and its reuse are prevalent problems. In this research, we tested four wearable devices that share 44% of the current market, for security vulnerabilities. We found serious weaknesses that could result in …


Deceptive Security Based On Authentication Profiling, Andrew Nicholson, Helge Janicke, Andrew Jones, Adeeb Alnajaar Jan 2017

Australian Information Security Management Conference

Passwords are broken. Multi-factor Authentication overcomes password insecurities, but its potentials are often not realised. This article presents InSight, a system to actively identify perpetrators by deceitful adaptation of the accessible system resources using Multi-factor Authentication profiles. This approach improves authentication reliability and attributes users by computing trust scores against profiles. Based on this score, certain functionality is locked, unlocked, buffered, or redirected to a deceptive honeypot, which is used for attribution. The novelty of this approach is twofold; a profile-based multi-factor authentication approach that is combined with a gradient, deceptive honeypot.


Building A Dataset For Image Steganography, Chris Woolley, Ahmed Ibrahim, Peter Hannay Jan 2017

Australian Digital Forensics Conference

Image steganography and steganalysis techniques discussed in the literature rely on using a dataset(s) created based on cover images obtained from the public domain, through the acquisition of images from Internet sources, or manually. This issue often leads to challenges in validating, benchmarking, and reproducing reported techniques in a consistent manner. It is our view that the steganography/steganalysis research community would benefit from the availability of common datasets, thus promoting transparency and academic integrity. In this research, we have considered four aspects: image acquisition, pre-processing, steganographic techniques, and embedding rate in building a dataset for image steganography.


A Centralised Platform For Digital Forensic Investigations In Cloud-Based Environments, Shaunak Mody, Alastair Nisbet Jan 2017

Australian Digital Forensics Conference

Forensic investigations of digital media traditionally involve seizing a device and performing a forensic investigation. Often legal and physical obstructions must be overcome so that the investigator has access to the device and the right to secure it for investigation purposes. Taking a forensic image of a hard disk may need to be done in the field but analysis can usually be performed at a later time. With the rapid increase in hard disk size, the acquiring of a forensic image can take hours or days. This poses significant issues for forensic investigators when potential evidence resides in the cloud. …


Proceedings Of The 15th Australian Digital Forensics Conference, 5-6 December 2017, Edith Cowan University, Perth, Australia, Craig Valli Jan 2017

Australian Digital Forensics Conference

Conference Foreword: This is the sixth year that the Australian Digital Forensics Conference has been held under the banner of the Security Research Institute, which is in part due to the success of the security conference program at ECU. As with previous years, the conference continues to see quality papers with a number from local and international authors. 8 papers were submitted and following a double blind peer review process, 5 were accepted for final presentation and publication. Conferences such as these are simply not possible without willing volunteers who follow through with the commitment they have initially made, …


A Comparison Of 2D And 3D Delaunay Triangulations For Fingerprint Authentication, Marcelo Jose Macedo, Wencheng Yang, Guanglou Zheng, Michael N. Johnstone Jan 2017

Australian Information Security Management Conference

The two-dimensional (2D) Delaunay triangulation-based structure, i.e., Delaunay triangle, has been widely used in fingerprint authentication. However, we also notice the existence of three-dimensional (3D) Delaunay triangulation, which has not been extensively explored. Inspired by this, in this paper, the features of both 2D and 3D Delaunay triangulation-based structures are investigated and the findings show that a 3D Delaunay structure, e.g., Delaunay tetrahedron, can provide more feature types and a larger number of elements than a 2D Delaunay structure, which was expected to provide a higher discriminative capability. However, higher discrimination does not necessarily lead to better performance, especially in …


Literature-Based Analysis Of The Influences Of The New Forces On ISMS: A Conceptual Framework, Zahir Al-Rashdi, Martin Dick, Ian Storey Jan 2017

Australian Information Security Management Conference

This paper presents an analysis that arose from a comprehensive review of the academic and professional literature of two areas – information security management systems (ISMS) and information resources – and their relationship with information security. It analyzes the role of ISMS in protecting an organization’s information environment and infrastructure. It has identified four key areas that strongly influence the safety of information resources: cloud computing; social media/networking; mobility; and information management/big data. Commonly referred to as ‘new forces’, these four aspects are all growing exponentially and are not easily controlled by IT. Another key finding of the paper is …


Using Journals To Assess Non-STEM Student Learning In STEM Courses: A Case Study In Cybersecurity Education, Gary C. Kessler, Glenn S. Dardick, Douglas L. Holton Jan 2017

Research outputs 2014 to 2021

Embry-Riddle Aeronautical University offers a minor course of study in cybersecurity as an option in our undergraduate Homeland Security program. Since the students are, by and large, social scientists, the focus of the program is to build hyper-awareness of how cybersecurity integrates within their professional aspirations rather than to provide cybersecurity career-level proficiency. Assessing student learning of the technical aspects cannot be performed using traditional tests, as they would not properly measure what the students are learning in a practical sense. Instead, we employ journals and self-reflection to ask the students to express and demonstrate their learning. Although somewhat harder …


Broadband Router Security: History, Challenges And Future Implications, Patryk Szewczyk, Rose Macdonald Jan 2017

Research outputs 2014 to 2021

Consumer grade broadband routers are integral to accessing the Internet and are primarily responsible for the reliable routing of data between networks. Despite the importance of broadband routers, security has never been at the forefront of their evolution. Consumers are often in possession of broadband routers that are rich in consumer-orientated features yet riddled with vulnerabilities that make the routers susceptible to exploitation. This amalgamation of theoretical research examines consumer grade broadband routers from the perspective of how they evolved, what makes them vulnerable, how they are targeted, and the challenges concerning the application of security. The research further explores …


Insider Misuse Identification Using Transparent Biometrics, Nathan Clarke, Fudong Li, Abdulrahman Alruban, Steven Furnell Jan 2017

Research outputs 2014 to 2021

Insider misuse is a key threat to organizations. Recent research has focused upon the information itself – either through its protection or approaches to detect the leakage. This paper seeks a different approach through the application of transparent biometrics to provide a robust approach to the identification of the individuals who are misusing systems and information. Transparent biometrics are a suite of modalities, typically behavioral-based that can capture biometric signals covertly or non-intrusively – so the user is unaware of their capture. Transparent biometrics are utilized in two phases a) to imprint digital objects with biometric-signatures of the user who …


Denial-Of-Service Attack Modelling And Detection For HTTP/2 Services, Erwin Adi Jan 2017

Theses: Doctorates and Masters

Businesses and society alike have been heavily dependent on Internet-based services, albeit with experiences of constant and annoying disruptions caused by the adversary class. A malicious attack that can prevent establishment of Internet connections to web servers, initiated from legitimate client machines, is termed as a Denial of Service (DoS) attack; volume and intensity of which is rapidly growing thanks to the readily available attack tools and the ever-increasing network bandwidths. A majority of contemporary web servers are built on the HTTP/1.1 communication protocol. As a consequence, all literature found on DoS attack modelling and appertaining detection techniques, addresses only …


Analysis Of Attempted Intrusions: Intelligence Gathered From SSH Honeypots, Priya Rabadia, Craig Valli, Ahmed Ibrahim, Zubair A. Baig Jan 2017

Australian Digital Forensics Conference

Honeypots are a defensive cyber security countermeasure used to gather data on intruder activities. By analysing the data collected by honeypots, mitigation strategies for cyberattacks launched against cyber-enabled infrastructures can be developed. In this paper, intelligence gathered from six Secure Shell (SSH) honeypots is presented. The paper is part of an ongoing investigation into analysing malicious activities captured by the honeypots. This paper focuses on the time of day attempted intrusions have occurred. The honeypot data has been gathered from 18th July 2012 until 13th January 2016; a period of 1,247 days. All six honeypots have the same hardware and …


Financial Fraud Risk Management And Corporate Governance, Raymond Lutui, Tau'aho 'Ahokovi Jan 2017

Australian Information Security Management Conference

Risk management is important so that risk is assessed, understood and appropriately managed. This is important both for conformance and performance. It is essential that strategic planning and management decisions are made appropriately in the context of the risk appetite of the corporation and its various stakeholders – especially its shareholders. If a company does not have a good understanding of risk, the likelihood of conformance and performance failure is high; this implies good internal and external corporate intelligence. Large global corporations have a significant impact on economies around the world. These entities are subject to intense competition and require …


Security Vulnerabilities And Cyber Threat Analysis Of The AMQP Protocol For The Internet Of Things, Ian Noel Mcateer, Muhammad Imran Malik, Zubair Baig, Peter Hannay Jan 2017

Australian Information Security Management Conference

The Internet of Things (IoT) expands the global Internet-connected network to encompass device-to-device, device-to-server, and server-to-server connectivity for an ever-increasing variety of end-user devices. IoT remains a somewhat amorphous entity, with little in the way of coordinated development, and is undermined largely by a manufacturer-driven scramble to be first-to-market with the latest innovation. Communication between IoT devices/servers relies on underlying protocols, which must be efficient and effective to establish and maintain reliability and integrity of data transfer. However, the lack of coordination during IoT’s expansion has resulted in a variety of communications protocols being developed. AMQP (Advanced Message Queuing Protocol) …


Intelligent Feature Selection For Detecting HTTP/2 Denial Of Service Attacks, Erwin Adi, Zubair Baig Jan 2017

Australian Information Security Management Conference

Intrusion-detection systems employ machine learning techniques to classify traffic into attack and legitimate. Network flooding attacks can leverage the new web communications protocol (HTTP/2) to bypass intrusion-detection systems. This creates an urgent demand to understand HTTP/2 characteristics and to devise customised cyber-attack detection schemes. This paper proposes Step Sister; a technique to generate an optimum network traffic feature set for network intrusion detection. The proposed technique demonstrates that a consistent set of features are selected for a given HTTP/2 dataset. This allows intrusion-detection systems to classify previously unseen network traffic samples with fewer false alarms than when techniques used in …


Tonga’s Organisational Vulnerability To Social Engineering, Raymond Lutui, Viliami Fe’Aomoeata Jan 2017

Australian Information Security Management Conference

Tonga is a small developing island in the South Pacific and ICT is still in its early stages. In this paper we ask the questions, what is social engineering and who is this social engineer, what are the threats to Tonga, how can these threats be identified and which countermeasures can be taken to mitigate the risk of social engineering? The answers to these questions will lead to a social engineering risk management framework to make the risks of social engineering more transparent and help organisations implement mitigating controls against social engineering. The study was performed in four chosen organisations …


A Review Of Data Breaches And Losses That Occurred From Laptops That Were Stolen Or Otherwise Misplaced In 2015 And 2016, Samuel Griffith Wakeling, Peter Hannay, Zubair Baig Jan 2017

Australian Information Security Management Conference

This paper provides an analysis of what information can be found on laptops that may or may not have connections to an organisation of some form, the statistics of the number of laptops stolen or otherwise misplaced in 2015 and 2016, and the number of potentially affected people from each of the cases. As seen in many news articles, laptops are often stolen or otherwise misplaced by employees or contractors in an organisational environment. As discovered in this research, many laptops are stolen from vehicles or homes of employees rather than organisation’s buildings, but not all. The majority of stolen …


The Proceedings Of 15th Australian Information Security Management Conference, 5-6 December, 2017, Edith Cowan University, Perth, Australia, Craig Valli (Ed.) Jan 2017

Australian Information Security Management Conference

Conference Foreword

The annual Security Congress, run by the Security Research Institute at Edith Cowan University, includes the Australian Information Security and Management Conference. Now in its fifteenth year, the conference remains popular for its diverse content and mixture of technical research and discussion papers. The area of information security and management continues to be varied, as is reflected by the wide variety of subject matter covered by the papers this year. The papers cover topics from vulnerabilities in “Internet of Things” protocols through to improvements in biometric identification algorithms and surveillance camera weaknesses. The conference has drawn interest and …


A Sound Idea: An Investigation Into Accessible Video Game Design For The Deaf And Hard Of Hearing, Luke James Brook Jan 2017

Theses: Doctorates and Masters

A widely accepted, and incorrect, assumption towards hearing accessibility in video games is that deaf and hard of hearing (DHH) users are those who encounter the least barriers and are generally well catered for. Rapid advancement in video game technology has seen video game sound evolve from simple blips generated by internal circuitry to fully realised digital audio used to convey critical information. To accommodate the DHH, this information needs to be conveyed in an alternative manner. However, evidence suggests existing accessible design solutions for the DHH lack specificity and are insufficient. Thus, the inability to hear, or hear well, …