Earticle

In 2007, Khan-Zhang made an enhancement based on Lin-Lai’s flexible biometrics remote user authentication scheme. The scheme has the merits of providing mutual authentication, no verification table, freely changing password and preventing the server spooling attack. However, this authentication scheme has been found to be vulnerable to the insider attack, the denial-of-service (DoS) attack and the clock synchronization problem. To overcome these weaknesses, a novel authentication scheme is proposed in this paper, which is based on nonce instead of timestamp and fresh tag to overcome the existing DoS attack and clock synchronization problem. The security analysis shows that the improved scheme not only inherits the merits of their scheme but also enhances the security of their scheme. Meantime the improved scheme does not add additional computation cost to the smart card. So the improved scheme is more secure, reliable and applicable with high potential to be used in the insecure network world than Khan-Zhang’s scheme.

Police intelligence operations rely on human analysts to search, comprehend and make sense of information during criminal investigations. This is a long and laborious task, in a situation where a quick and effective response is crucial to the prosecution of the offenders. This paper presents the implementation of a Police Intelligence Analysis Framework (PIAF), that provides automated processing of information extracted from witness statements, in order to identify the entities involved in an incident, and provide to the Police operations a complete and accurate situational picture. In order to improve situational awareness and aid the decision making process. This paper outlines the challenges when dealing with intelligence information, highlighting the methods implemented to address those challenges, and provides an overview of a system that is designed to be used in Police post-event analysis. A Police investigation example is provided to demonstrate the use of the system.

Header and footer are important in digital investigation for JPEG file detection as only 16% of files are fragmented. The use of efficient algorithm to detect them is vital to reduce time taken for analyzing ever increasing data in hard drive or physical memory. Even though there are few applications developed for file carving that rely on header and footer e.g. Foremost, Scalpel; however the algorithm used for header detection is not much discussed. In this paper, we introduce three novel algorithms; single-byte-marker, dual-byte-marker and 20-point-reference for JPEG File Interchange Format (JFIF) header detection using a newly introduced FORHEADER model. Three experiments have been carried out using an image from hard disk and physical memory; and raw data from Digital Workshop Forensics Research Workshop 2006 (DFRWS 2006) challenge. The results obtained showed that dual-byte-marker algorithm provides better performance in terms of processing time for JFIF header detection.

Facial composites are used by Police to generate lines of enquiry; unfortunately composites made by traditional ‘feature’ systems are not often accurately named. One reason could be that these systems tend to rely on descriptions of the criminal’s facial features, when it has been shown that relationships and distances between facial features—the relational information—is of importance for face recognition. Here, we present two experiments to investigate the usefulness of probing for relational information within witness interviews. Participant-witnesses underwent a typical cognitive interview (CI), an interview in which featural information was probed for before relational information (FR), or an interview in which probing for relational information preceded probing for featural detail (RF). Composites constructed of familiar targets with no delay were recognised better in the former two interviews than the latter, suggesting that relational information interferes with subsequent recall of featural information. However, after a 24 hour delay composites constructed of unfamiliar targets did not differ significantly for naming rates by interview type. This indicates no naming benefit for recalling relational information. However, RF composites were rated as significantly better likenesses to target images after a 24-hour delay, and so future work could explore this further to assess what aspect of the image is improved by recall of relational information.

In this paper, firstly, we introduce a new security definition called secret key awareness security which is to guarantee anyone gener-ating the public key to know the corresponding secret key. Following, we give a concrete implementing for secret key awareness security. Secondly, we present two applications: one is in plaintext awareness security cryp-tosystem, and another is in certificatless public key encryption scheme.

Recent papers have urged the need for new forensic techniques and tools able to investigate anti-forensics methods, and have promoted automation of live investigation. Such techniques and tools are called proactive forensic approaches, i.e., approaches that can deal with digitally investigating an incident while it occurs. To come up with such an approach, a Systematic Literature Review (SLR) was undertaken to identify and map the processes in digital forensics investigation that exist in literature. According to the review, there is only one process that explicitly supports proactive forensics, the multi-component process [1]. However, this is a very high-level process and cannot be used to introduce automation and to build a proactive forensics system. As a result of our SLR, a derived functional process that can support the implementation of a proactive forensics system is proposed.

Cyber attacks are becoming increasingly complex, especially when the target is a modern IT infrastructure, characterized by a layered architecture that integrates several security technologies such as firewalls and intrusion detection systems. These contexts can be violated by a multistep attack, that is a complex attack strategy that comprises multiple correlated intrusion activities. While a modern Intrusion Detection System detects single intrusions, it is unable to link them together and to highlight the strategy that underlies a multistep attack. Hence, a single multistep attack may generate a high number of uncorrelated intrusion alerts. The critical task of analyzing and correlating all these alerts is then performed manually by security experts. This process is time consuming and prone to human errors. This paper proposes a novel framework for the analysis and correlation of security alerts generated by state-of-the-art Intrusion Detection Systems. Our goal is to help security analysts in recognizing and correlating intrusion activities that are part of the same multistep attack scenario. The proposed framework produces correlation graphs, in which all the intrusion alerts that are part of the same multistep attack are linked together. By looking at these correlation graphs, a security analyst can quickly identify the relationships that link together seemingly uncorrelated intrusion alerts, and can easily recognize complex attack strategies and identify their final targets. Moreover, the proposed framework is able to leverage multiple algorithms for alert correlation.

Together with the massive expansion of smartphones, tablets, and other smart devices, we can notice a growing number of malware threats targeting these platforms. Software security companies are not prepared for such diversity of target platforms and there are only few techniques for platform-independent malware analysis. This is a major security issue these days. In this paper, we propose a concept of a retargetable reverse compiler (i.e. a decompiler), which is in an early stage of development. The retargetable decompiler transforms platformspecific binary applications into a high-level language (HLL) representation, which can be further analyzed in a uniform way. This tool will help with a static platform-independent malware analysis. Our unique solution is based on an exploitation of two systems that were originally not intended for such an application—he architecture description language (ADL) ISAC for a platform description and the LLVM Compiler System as the core of the decompiler. In this study, we show that our tool can produce highly readable HLL code.

In this article, we present a new code-based stream cipher called 2SC, based on the sponge construction. The security of the keystream generation of 2SC is reducible to the conjectured intractability of the Syndrome Decoding (SD) problem, which is believed to be hard in the average case. Our stream cipher compares favorably with other provably secure stream ciphers such as QUAD and SYND in terms of eciency and storage. In particular, 2SC is much faster than both these stream ciphers, requiring shorter keys and initial vectors (IVs) in order to attain comparable security levels (the runtime in terms of clock cycles is actually halved compared to SYND for around 170 bits of security, whereas the key size is about 50 bits smaller) .

The key exchange protocols using passwords achieved great attention due to their simplicity and e ciency. On the other hand these protocols should resist all types of password guessing attacks, as the password is of low entropy. Recently Lu and Cao proposed a three party simple key ex-change protocol (S-3PAKE). It is an extension of Abdella and Pointchval SPAKE protocol. Later Guo et al. proposed a man in the middle attack and undetectable on-line password guessing attack on the above protocol. They also presented an improved S-3PAKE. In the present paper we have shown that the improved S-3PAKE still su ers from undetectable pass-word guessing attack and discuss the countermeasures to preclude such an attack.

Hash functions are one of the most important cryptographic primitives. Some of the currently employed hash functions like SHA-1 or MD5 are considered broken today. Therefore, in 2007 the US National Institute of Standards and Technology announced a competition for a new family of hash functions. Keccak is one of the five final candidates to be chosen as SHA-3 hash function standard. In this paper, we present an implementation of the Keccak hash function family on graphics cards, using NVIDIA’s CUDA framework. Our implementation allows to choose one function out of the hash function family and hash arbitrary documents. In addition we present the first ready-to-use implementation of the tree mode of Keccak which is even more suitable for parallelization.

The last three years have witnessed tremendous progress in the understanding of code-based cryptography. One of its most promising applications is the design of cryptographic schemes with exceptionally strong security guarantees and other desirable properties. In contrast to number-theoretic problems typically used in cryptography, the underlying problems have so far resisted subexponential time attacks as well as quantum algorithms. This paper will survey the more recent developments. Keywords: Post-quantum cryptography, coding-based cryptography, encryption, digital signatures, identification, secret-key.