Open Access. Powered by Scholars. Published by Universities.®

Physical Sciences and Mathematics Commons

Articles 1 - 30 of 47

Full-Text Articles in Physical Sciences and Mathematics

Front Matter Dec 2019

Journal of Digital Forensics, Security and Law

No abstract provided.


Smart Factories, Dumb Policy? Managing Cybersecurity And Data Privacy Risks In The Industrial Internet Of Things, Scott J. Shackelford Dec 2019

Minnesota Journal of Law, Science & Technology

No abstract provided.


A Study Of Existing Cross-Site Scripting Detection And Prevention Techniques Using XAMPP And VirtualBox, Jalen Mack, Yen-Hung (Frank) Hu, Mary Ann Hoppa Oct 2019

Virginia Journal of Science

Most operating websites experience a cyber-attack at some point. Cross-site Scripting (XSS) attacks are cited as the top website risk. More than 60 percent of web applications are vulnerable to them, and they ultimately are responsible for over 30 percent of all web application attacks. XSS attacks are complicated, and they often are used in conjunction with social engineering techniques to cause even more damage. Although prevention techniques exist, hackers still find points of vulnerability to launch their attacks. This project explored what XSS attacks are, examples of popular attacks, and ways to detect and prevent them. Using knowledge gained …


An Exploratory Perception Analysis Of Consensual And Nonconsensual Image Sharing, Jin Ree Lee, Steven Downing Sep 2019

International Journal of Cybersecurity Intelligence & Cybercrime

Limited research has considered individual perceptions of moral distinctions between consensual and nonconsensual intimate image sharing, as well as decision making parameters around why others might engage in such behavior. The current study conducted a perception analysis using mixed-methods online surveys administered to 63 participants, inquiring into their perceptions of why individuals engage in certain behaviors surrounding the sending of intimate images from friends and partners. The study found that respondents favored the concepts of (1) sharing images with romantic partners over peers; (2) sharing non-intimate images over intimate images; and (3) sharing images with consent rather than without it. …


Blockchain Security: Situational Crime Prevention Theory And Distributed Cyber Systems, Nicholas J. Blasco, Nicholas A. Fett Sep 2019

International Journal of Cybersecurity Intelligence & Cybercrime

The authors laid the groundwork for analyzing the crypto-economic incentives of interconnected blockchain networks and utilize situational crime prevention theory to explain how more secure systems can be developed. Blockchain networks utilize smaller blockchains (often called sidechains) to increase throughput in larger networks. Identified are several disadvantages to using sidechains that create critical exposures to the assets locked on them. Without security being provided by the mainchain in the form of validated exits, sidechains or statechannels which have a bridge or mainchain asset representations are at significant risk of attack. The inability to have a sufficiently high cost to attack …


The Future Of Cybercrime Prevention Strategies: Human Factors And A Holistic Approach To Cyber Intelligence, Sinchul Back, Jennifer Laprade Sep 2019

International Journal of Cybersecurity Intelligence & Cybercrime

New technology is rapidly emerging to fight increasing cybercrime threats; however, there is one important component of a cybercrime that technology cannot always impact, and that is human behavior. Unfortunately, humans can be vulnerable and easily deceived, making technological advances alone inadequate in the cybercrime fight. Instead, we must take a more holistic approach by using technology and better understanding the human factors that make cybercrime possible. In this issue of the International Journal of Cybersecurity Intelligence and Cybercrime, three studies contribute to our knowledge of human factors and emerging cybercrime technology so that more effective comprehensive cybercrime prevention strategies …


A Test Of Structural Model For Fear Of Crime In Social Networking Sites, Seong-Sik Lee, Kyung-Shick Choi, Sinyong Choi, Elizabeth Englander Sep 2019

International Journal of Cybersecurity Intelligence & Cybercrime

This study constructed a structural model which consists of social demographic factors, experience of victimization, opportunity factors, and social context factors to explain the public’s fear of crime on social networking sites (SNS). The model is based on the risk interpretation model, which predicts that these factors influence users’ fear of crime victimization. Using data from 486 university students in South Korea, an empirically-tested model suggests that sex and age have direct and significant effects on fear of victimization, supporting the vulnerability hypothesis. Among opportunity factors, the level of personal information and the number of offending peers have significant effects …


Fast Forensic Triage Using Centralised Thumbnail Caches On Windows Operating Systems, Sean McKeown, Gordon Russell, Petra Leimich Sep 2019

Journal of Digital Forensics, Security and Law

A common investigative task is to identify known contraband images on a device, which typically involves calculating cryptographic hashes for all the files on a disk and checking these against a database of known contraband. However, modern drives are now so large that it can take several hours just to read this data from the disk, and can contribute to the large investigative backlogs suffered by many law enforcement bodies. Digital forensic triage techniques may thus be used to prioritise evidence and effect faster investigation turnarounds. This paper proposes a new forensic triage method for investigating disk evidence relating to …


MemoryRanger Prevents Highjacking FILE_OBJECT Structures In Windows Kernel, Igor Korkin Sep 2019

Journal of Digital Forensics, Security and Law

Windows OS kernel memory is one of the main targets of cyber-attacks. By launching such attacks, hackers are succeeding in process privilege escalation and tampering with users’ data by accessing kernel-mode memory. This paper considers a new example of such an attack, which results in access to the files opened in an exclusive mode. Windows built-in security features prevent such a legal access, but attackers can circumvent them by patching dynamically allocated objects. The research shows that the newest Windows 10 x64 is vulnerable to this attack. The paper provides an example of using MemoryRanger, a hypervisor-based solution to prevent …


Improved Decay Tolerant Inference Of Previously Uninstalled Computer Applications, Oluwaseun Adegbehingbe, James Jones Sep 2019

Journal of Digital Forensics, Security and Law

When an application is uninstalled from a computer system, the application’s deleted file contents are overwritten over time, depending on factors such as operating system, available unallocated disk space, user activity, etc. As this content decays, the ability to infer the application’s prior presence, based on the remaining digital artifacts, becomes more difficult. Prior research inferring previously installed applications by matching sectors from a hard disk of interest to a previously constructed catalog of labeled sector hashes showed promising results. This prior work used a white list approach to identify relevant artifacts, resulting in no irrelevant artifacts but incurring the …


Longitudinal Analysis With Modes Of Operation For AES, Dana Geislinger, Cory Thigpen, Daniel W. Engels Aug 2019

SMU Data Science Review

In this paper, we present an empirical evaluation of the randomness of the ciphertext blocks generated by the Advanced Encryption Standard (AES) cipher in Counter (CTR) mode and in Cipher Block Chaining (CBC) mode. Vulnerabilities have been found in the AES cipher that may lead to a reduction in the randomness of the generated ciphertext blocks that can result in a practical attack on the cipher. We evaluate the randomness of the AES ciphertext using the standard key length and NIST randomness tests. We evaluate the randomness through a longitudinal analysis on 200 billion ciphertext blocks using logistic regression and …


Examining The Correlates Of Failed DRDoS Attacks, Thomas Hyslip, Thomas Holt Jun 2019

Journal of Digital Forensics, Security and Law

Over the last decade, there has been a rise in cybercrime services offered on a fee-for-service basis, enabling individuals to direct attacks against various targets. One of the recent services offered involves stresser or booter operators, who offer distributed reflected denial of service (DRDoS) attacks on an hourly or subscription basis. These attacks involve the use of malicious traffic reflected off of webservers to increase the volume of traffic, which is directed toward websites and servers rendering them unusable. Researchers have examined DRDoS attacks using real-time data, though few have considered the experience of their customers and the factors …


Front Matter Jun 2019

Journal of Digital Forensics, Security and Law

No abstract provided.


Enhancing Forensic-Tool Security With Rust: Development Of A String Extraction Utility, Jens Getreu, Olaf Maennel Jun 2019

Journal of Digital Forensics, Security and Law

The paper evaluates the suitability of the Rust ecosystem for forensic tool development. As a case study, a forensic tool named Stringsext is developed. Starting from analyzing the specific requirements of forensic software in general and those of the present case study, all stages of the software development life-cycle are executed and evaluated. Stringsext is a re-implementation and enhancement of the GNU-strings tool, a widely used program in forensic investigations. Stringsext recognizes Cyrillic, CJKV East Asian characters and other scripts in all supported multi-byte-encodings while GNU-strings fails in finding these in UTF-16 and other encodings. During the case study it …


DF 2.0: An Automated, Privacy Preserving, And Efficient Digital Forensic Framework That Leverages Machine Learning For Evidence Prediction And Privacy Evaluation, Robin Verma, Jayaprakash Govindaraj Dr, Saheb Chhabra, Gaurav Gupta Jun 2019

Journal of Digital Forensics, Security and Law

The current state of digital forensic investigation is continuously challenged by the rapid technological changes, the increase in the use of digital devices (both the heterogeneity and the count), and the sheer volume of data that these devices could contain. Although data privacy protection is not a performance measure, preventing privacy violations during the digital forensic investigation is also a big challenge. With a perception that the completeness of investigation and the data privacy preservation are incompatible with each other, the researchers have provided solutions to address the above-stated challenges that either focus on the effectiveness of the investigation …


Forensic Cell Site Analysis: Mobile Network Operator Evidence Integrity Maintenance Research, John B. Minor Jun 2019

Journal of Digital Forensics, Security and Law

Mobile Network Operator (MNO) and Mobile Virtual Network Operator (MVNO) evidence have become an important evidentiary focus in the courtroom. This type of evidence is routinely produced as business records under U.S. Federal Rules of Evidence for use in the emerging discipline of Forensic Cell Site Analysis. The research was undertaken to determine if evidence produced by operators should be classified as digital evidence and, if so, what evidence handling methodologies are appropriate to ensure evidence integrity. This research project resulted in the creation of a method of determining if business records produced by MNO/MVNO organizations are digital evidence and …


Adopting The Cybersecurity Curriculum Guidelines To Develop A Secondary And Primary Academic Discipline In Cybersecurity Postsecondary Education, Wasim A. Alhamdani Jun 2019

Journal of Cybersecurity Education, Research and Practice

A suggested curriculum for secondary and primary academic discipline in Cybersecurity Postsecondary Education is presented. This curriculum is developed based on the Association for Computing Machinery guidelines and the National Centers of Academic Excellence Cyber Operations program.


A Design Case: Assessing The Functional Needs For A Multi-Faceted Cybersecurity Learning Space, Charles J. Lesko Jr. Jun 2019

Journal of Cybersecurity Education, Research and Practice

Following a multi-year effort that developed not only a detailed list of functional requirements but also the preliminary physical and logical design layouts, the concept for a multi-faceted cybersecurity center was approved and the physical as well as additional infrastructure space was subsequently allocated. This effort briefly describes the structure and scope of the current cybersecurity program being supported and then draws out the functional requirements that were identified for the center based on the needs of the institution’s cybersecurity program. It also highlights the physical and logical design specifications of the center, as well as the many external program …


Cybersecurity Education: The Need For A Top-Driven, Multidisciplinary, School-Wide Approach, Lucy Tsado Jun 2019

Journal of Cybersecurity Education, Research and Practice

The human resource skills gap in cybersecurity has created an opportunity for educational institutions interested in cybersecurity education. The current number of schools designated by the Department of Homeland Security (DHS) and National Security Agency (NSA) as Centers of Academic Excellence (CAE) to train cybersecurity experts is not sufficient to meet the shortfall in the industry. The DHS has clearly mapped out knowledge areas for cybersecurity education for both technical and non-technical disciplines; it is therefore possible for institutions not yet designated CAEs to generate cybersecurity experts, with the long-term goal of attaining the CAE designation. The purpose of this …


From The Editors, Michael E. Whitman, Herbert J. Mattord, Carole L. Hollingsworth Jun 2019

Journal of Cybersecurity Education, Research and Practice

No abstract provided.


Car Hacking: Accessing And Exploiting The CAN Bus Protocol, Bryson R. Payne Jun 2019

Journal of Cybersecurity Education, Research and Practice

With the rapid adoption of internet-connected and driver-assist technologies, and the spread of semi-autonomous to self-driving cars on roads worldwide, cybersecurity for smart cars is a timely concern and one worth exploring both in the classroom and in the real world. Highly publicized hacks against production cars, and a relatively small number of crashes involving autonomous vehicles, have brought the issue of securing smart cars to the forefront as a matter of public and individual safety, and the cybersecurity of these “data centers on wheels” is of greater concern than ever.

However, up to this point there has been a …


Hacking The Extended Mind: The Security Implications Of The New Metaphysics, Robin L. Zebrowski May 2019

Computer Ethics - Philosophical Enquiry (CEPE) Proceedings

Computer security expert Paul Syverson has argued that there is a computer security equivalent of gaslighting: where a clever adversary could convince some system that some component that is not really a part of the system is in fact a part of the system. If non-biological items from our environments (or even pieces of our environments themselves) can be part of our minds (the standard Extended Mind hypothesis, EM), they are therefore part of our selves, and therefore subject to Syverson’s worry about boundary in a way that has not been explored before. If some version of EM holds, then …


Difference Between Algorithmic Processing And The Process Of Lifeworld (Lebenswelt), Domenico Schneider May 2019

Computer Ethics - Philosophical Enquiry (CEPE) Proceedings

The following article compares the temporality of the life-world with the digital processing. The temporality of the life-world is determined to be stretched and spontaneous. The temporality of the digital is given by discrete step-by-step points of time. Most ethical issues can be traced back to a mismatch of these two ways of processing. This creates a foundation for the ethics of the digital processing. Methodologically, phenomenological considerations are merged with media-philosophical considerations in the article.


What To Do When Privacy Is Gone, James Brusseau May 2019

Computer Ethics - Philosophical Enquiry (CEPE) Proceedings

Today’s ethics of privacy is largely dedicated to defending personal information from big data technologies. This essay goes in the other direction. It considers the struggle to be lost, and explores two strategies for living after privacy is gone. First, total exposure embraces privacy’s decline, and then contributes to the process with transparency. All personal information is shared without reservation. The resulting ethics is explored through a big data version of Robert Nozick’s Experience Machine thought experiment. Second, transient existence responds to privacy’s loss by ceaselessly generating new personal identities, which translates into constantly producing temporarily unviolated private information. The …


Responding To Some Challenges Posed By The Re-Identification Of Anonymized Personal Data, Herman T. Tavani, Frances S. Grodzinsky May 2019

Computer Ethics - Philosophical Enquiry (CEPE) Proceedings

In this paper, we examine a cluster of ethical controversies generated by the re-identification of anonymized personal data in the context of big data analytics, with particular attention to the implications for personal privacy. Our paper is organized into two main parts. Part One examines some ethical problems involving re-identification of personally identifiable information (PII) in large data sets. Part Two begins with a brief description of Moor and Weckert’s Dynamic Ethics (DE) and Nissenbaum’s Contextual Integrity (CI) Frameworks. We then investigate whether these frameworks, used together, can provide us with a more robust scheme for analyzing privacy concerns that …


Information Privacy: Not Just GDPR, Danilo Bruschi May 2019

Computer Ethics - Philosophical Enquiry (CEPE) Proceedings

The "information rush" which is characterizing the current phase of the information age calls for actions aimed at enforcing the citizens' right to privacy. Since the entire information life-cycle (collection, manipulation, storing) is now carried out by digital technologies, most of such actions consist of the adoption of severe measures (both organizational and technological) aimed at improving the security of computer systems, as in the case of the EU General Data Protection Regulation. Usually, data processors which comply with these requirements are exempted from any other duty. Unfortunately, recent trends in the computer attack field show that even the adoption …


Keeping Anonymity At The Consumer Behavior On The Internet: Proof Of Sacrifice, Sachio Horie May 2019

Computer Ethics - Philosophical Enquiry (CEPE) Proceedings

The evolution of the Internet and AI technology has made it possible for the government and the businesses to keep track of their personal lives. GAFA continues to collect information unintended by the individuals. It is a threat that our privacy is violated in this way. In order to solve such problems, it is important to consider a mechanism that enables us to live peaceful lives while protecting privacy in the Internet society.

This paper focuses on the consumption behavior on the Internet and addresses anonymity. We consider some network protocols that enable sustainable consensus by combining anonymity methods such …


The Right To Human Intervention: Law, Ethics And Artificial Intelligence, Maria Kanellopoulou - Botti, Fereniki Panagopoulou, Maria Nikita, Anastasia Michailaki May 2019

Computer Ethics - Philosophical Enquiry (CEPE) Proceedings

The paper analyses the new right of human intervention in use of information technology, automatization processes and advanced algorithms in individual decision-making activities. Art. 22 of the new General Data Protection Regulation (GDPR) provides that the data subject has the right not to be subject to a fully automated decision on matters of legal importance to her interests, hence the data subject has a right to human intervention in this kind of decisions.


Legal And Technical Issues For Text And Data Mining In Greece, Maria Kanellopoulou - Botti, Marinos Papadopoulos, Christos Zampakolas, Paraskevi Ganatsiou May 2019

Computer Ethics - Philosophical Enquiry (CEPE) Proceedings

Web harvesting and archiving pertains to the processes of collecting from the web and archiving of works that reside on the Web. Web harvesting and archiving is one of the most attractive applications for libraries which plan ahead for their future operation. When works retrieved from the Web are turned into archived and documented material to be found in a library, the amount of works that can be found in said library can be far greater than the number of works harvested from the Web. The proposed participation in the 2019 CEPE Conference aims at presenting certain issues related to …


On The Responsibility For Uses Of Downstream Software, Marty J. Wolf, Keith W. Miller, Frances S. Grodzinsky May 2019

Computer Ethics - Philosophical Enquiry (CEPE) Proceedings

In this paper we explore an issue that is different from whether developers are responsible for the direct impact of the software they write. We examine, instead, in what ways, and to what degree, developers are responsible for the way their software is used “downstream.” We review some key scholarship analyzing responsibility in computing ethics, including some recent work by Floridi. We use an adaptation of a mechanism developed by Floridi to argue that there are features of software that can be used as guides to better distinguish situations where a software developer might share in responsibility for the software’s …