Pub Date : 2019-05-01DOI: 10.1109/ICSIoT47925.2019.00016
S. Alornyo, Evans Aidoo, Kingsford Kissi Mireku, Benjamin Kwofie, Xiong Hu, M. Asante
A cryptographic primitive suggested by Carnard et al. in 2012 ensures that on input a plaintext, ciphertext with corresponding public key, it is possible to check if a ciphertext is encryption of a target plaintext with a corresponding public key. This tool enables public plaintext query on ciphertext. We introduce ID-based plaintext checkable encryption (ID-PCE) in outsourced healthcare database. ID-PCE uses receiver's ID as the public key to curtail problems associated with key certificate management in public key encryption. We adopts identity-based cryptography and it achieves a weak-IND-ID-CCA (W-IND-IDCCA). Finally, proof the security of our scheme using random oracle model.
Carnard等人在2012年提出了一种加密原语,它保证了在输入一个明文、具有相应公钥的密文时,可以检查该密文是否为具有相应公钥的目标明文的加密。此工具支持对密文进行公开明文查询。在外包医疗数据库中引入基于id的明文可校验加密(ID-PCE)。ID- pce使用接收者的ID作为公钥,以减少公钥加密中与密钥证书管理相关的问题。我们采用基于身份的加密技术,实现了弱ind - id - cca (W-IND-IDCCA)。最后,利用随机oracle模型证明了该方案的安全性。
{"title":"ID-Based Outsourced Plaintext Checkable Encryption in Healthcare Database","authors":"S. Alornyo, Evans Aidoo, Kingsford Kissi Mireku, Benjamin Kwofie, Xiong Hu, M. Asante","doi":"10.1109/ICSIoT47925.2019.00016","DOIUrl":"https://doi.org/10.1109/ICSIoT47925.2019.00016","url":null,"abstract":"A cryptographic primitive suggested by Carnard et al. in 2012 ensures that on input a plaintext, ciphertext with corresponding public key, it is possible to check if a ciphertext is encryption of a target plaintext with a corresponding public key. This tool enables public plaintext query on ciphertext. We introduce ID-based plaintext checkable encryption (ID-PCE) in outsourced healthcare database. ID-PCE uses receiver's ID as the public key to curtail problems associated with key certificate management in public key encryption. We adopts identity-based cryptography and it achieves a weak-IND-ID-CCA (W-IND-IDCCA). Finally, proof the security of our scheme using random oracle model.","PeriodicalId":226799,"journal":{"name":"2019 International Conference on Cyber Security and Internet of Things (ICSIoT)","volume":"5 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132197826","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2019-05-01DOI: 10.1109/ICSIoT47925.2019.00012
Abel Yeboah-Ofori, Shareeful Islam, E. Yeboah-Boateng
Cyber supply chain (CSC) systems provide operational efficiency and business continuity due to the integrated nature of various network system nodes. Such integration has made the overall system vulnerable to various cyber attacks and malware propagation is one of the common attacks for CSC. Cyber threat intelligence (CTI) provides an organization the capability to identify, gather, analyze threats and the associated risks so that CSC organization can forecast the existing and future threat trends and manage the cybersecurity risk in a proactive manner. A threat actor may attack the system and propagate a malware. The purpose is to manipulate, alter, or change delivery mechanisms. It is imperative to integrate CTI into the existing cybersecurity practice to detect and understand the threat actor's intents and motive. In our previous paper, we used threat analysis gathering to provide us an understanding of the adversaries' capabilities, actions, and intents. This paper contributes to improving the cybersecurity of CSC by using CTI. In particular, we extend our previous work which identifies and analysis CSC attacks and adopts CTI approach to understand the attack trends so that appropriate control can determine proactively. We use the malware a smart grid case study as CSC context to demonstrate our approach. The result demonstrations how CTI approach is applied to assist in preventing cyberattacks and to disseminate threat information sharing.
{"title":"Cyber Threat Intelligence for Improving Cyber Supply Chain Security","authors":"Abel Yeboah-Ofori, Shareeful Islam, E. Yeboah-Boateng","doi":"10.1109/ICSIoT47925.2019.00012","DOIUrl":"https://doi.org/10.1109/ICSIoT47925.2019.00012","url":null,"abstract":"Cyber supply chain (CSC) systems provide operational efficiency and business continuity due to the integrated nature of various network system nodes. Such integration has made the overall system vulnerable to various cyber attacks and malware propagation is one of the common attacks for CSC. Cyber threat intelligence (CTI) provides an organization the capability to identify, gather, analyze threats and the associated risks so that CSC organization can forecast the existing and future threat trends and manage the cybersecurity risk in a proactive manner. A threat actor may attack the system and propagate a malware. The purpose is to manipulate, alter, or change delivery mechanisms. It is imperative to integrate CTI into the existing cybersecurity practice to detect and understand the threat actor's intents and motive. In our previous paper, we used threat analysis gathering to provide us an understanding of the adversaries' capabilities, actions, and intents. This paper contributes to improving the cybersecurity of CSC by using CTI. In particular, we extend our previous work which identifies and analysis CSC attacks and adopts CTI approach to understand the attack trends so that appropriate control can determine proactively. We use the malware a smart grid case study as CSC context to demonstrate our approach. The result demonstrations how CTI approach is applied to assist in preventing cyberattacks and to disseminate threat information sharing.","PeriodicalId":226799,"journal":{"name":"2019 International Conference on Cyber Security and Internet of Things (ICSIoT)","volume":"124 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128470725","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2019-05-01DOI: 10.1109/ICSIoT47925.2019.00018
Kester Quist-Aphetsi, B. Asare, Laurent Nana
Internet of things (IoT) is believed to be the greatest thing that came along with the birth of the internet 4.0. IoT security is a growing concern that have received a lot of research interest in recent times. IoT security covers these four critical areas: Device or hardware, Communications, Cloud, and Life cycle management. At each level of these security protocols are breaches that continue to threaten the continuous adoption and use of this pervasive technology that homes, organizations and Governments use towards collecting, analysing and decision making in most cases. The concept of Internet of Things-IoT describes the environment where devices connect with each other to communicate, collect, store sensor data to the cloud. The sensor data is then processed and analyzed towards describing valuable information. IoT solutions support domestic, industrial, and Governmental installations for the monitoring of environmental data, health monitoring, control and management of household appliances, weather recording and forecasting, and the like. Loosely speaking, Internet of Things - IoT concerns itself with the interconnectedness of embedded devices and the internet for the purpose of collecting, recording, analyzing and sharing of sensor data using sensors, actuators, and Radio frequency Identifiers - RFID. The Race Integrity Primitive Evaluation Message Digest (RIPEMD 128) and Data Encryption Standards (DES) were used to achieve the ultimate goal of providing improved security for end-end encryption for secured communications within IoT systems. The authors proposed a combined approach with the use of a cryptographic algorithm and a hash function to increase security for IoT node-node communications.
{"title":"IoT Node-Node Secure Communication Using RIPEMD-128 and DES","authors":"Kester Quist-Aphetsi, B. Asare, Laurent Nana","doi":"10.1109/ICSIoT47925.2019.00018","DOIUrl":"https://doi.org/10.1109/ICSIoT47925.2019.00018","url":null,"abstract":"Internet of things (IoT) is believed to be the greatest thing that came along with the birth of the internet 4.0. IoT security is a growing concern that have received a lot of research interest in recent times. IoT security covers these four critical areas: Device or hardware, Communications, Cloud, and Life cycle management. At each level of these security protocols are breaches that continue to threaten the continuous adoption and use of this pervasive technology that homes, organizations and Governments use towards collecting, analysing and decision making in most cases. The concept of Internet of Things-IoT describes the environment where devices connect with each other to communicate, collect, store sensor data to the cloud. The sensor data is then processed and analyzed towards describing valuable information. IoT solutions support domestic, industrial, and Governmental installations for the monitoring of environmental data, health monitoring, control and management of household appliances, weather recording and forecasting, and the like. Loosely speaking, Internet of Things - IoT concerns itself with the interconnectedness of embedded devices and the internet for the purpose of collecting, recording, analyzing and sharing of sensor data using sensors, actuators, and Radio frequency Identifiers - RFID. The Race Integrity Primitive Evaluation Message Digest (RIPEMD 128) and Data Encryption Standards (DES) were used to achieve the ultimate goal of providing improved security for end-end encryption for secured communications within IoT systems. The authors proposed a combined approach with the use of a cryptographic algorithm and a hash function to increase security for IoT node-node communications.","PeriodicalId":226799,"journal":{"name":"2019 International Conference on Cyber Security and Internet of Things (ICSIoT)","volume":"159 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128891756","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2019-05-01DOI: 10.1109/ICSIoT47925.2019.00015
John Agyekum Addae, Grace Simpson, George Oppong Appiagyei Ampong
Globally, banks are deploying reliant data protection technologies to secure business continuity. However, information security attackers leverage on employees seldom predisposition to compromise firms' assets. The study therefore examines attributing factors influencing information security compliance behavior in the Ghanaian banking sector. A survey design approach was adopted to validate the research model. Partial Least Square Structural Equation Modeling (PLS-SEM) were used to analyze 329 valid data. The model results showed that perceived threat, vulnerability, response cost, and efficiency had a significant effect on compliance but interestingly not for Self-Efficacy. Perceived threat severity had the most significant effect on IS compliance behavior. Overall, our model accounted for 60% of the variation in IS compliance
{"title":"Factors Influencing Information Security Policy Compliance Behavior","authors":"John Agyekum Addae, Grace Simpson, George Oppong Appiagyei Ampong","doi":"10.1109/ICSIoT47925.2019.00015","DOIUrl":"https://doi.org/10.1109/ICSIoT47925.2019.00015","url":null,"abstract":"Globally, banks are deploying reliant data protection technologies to secure business continuity. However, information security attackers leverage on employees seldom predisposition to compromise firms' assets. The study therefore examines attributing factors influencing information security compliance behavior in the Ghanaian banking sector. A survey design approach was adopted to validate the research model. Partial Least Square Structural Equation Modeling (PLS-SEM) were used to analyze 329 valid data. The model results showed that perceived threat, vulnerability, response cost, and efficiency had a significant effect on compliance but interestingly not for Self-Efficacy. Perceived threat severity had the most significant effect on IS compliance behavior. Overall, our model accounted for 60% of the variation in IS compliance","PeriodicalId":226799,"journal":{"name":"2019 International Conference on Cyber Security and Internet of Things (ICSIoT)","volume":"15 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131733331","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2019-05-01DOI: 10.1109/ICSIoT47925.2019.00028
Kester Quist-Aphetsi, Isaac Baffour Senkyire
Volumes of digital images are produced per time, whiles these digital images may be for friendly and or social activities they can be manipulated for illegal purposes. Sensitive digital images have been a core part of security correspondences between sensitive institutions. Such sensitive digital images security has been a prime concern. The advancement in technology has made it easy for unauthorized persons to manipulate and illegally use sensitive digital images that are been acquired, processed, compressed, stored, broadcasted, and reproduced. This has necessitated the authentication of digital images. In this paper we propose SHA - 256 to validate digital forensic images.
{"title":"Validating of Digital Forensic Images Using SHA-256","authors":"Kester Quist-Aphetsi, Isaac Baffour Senkyire","doi":"10.1109/ICSIoT47925.2019.00028","DOIUrl":"https://doi.org/10.1109/ICSIoT47925.2019.00028","url":null,"abstract":"Volumes of digital images are produced per time, whiles these digital images may be for friendly and or social activities they can be manipulated for illegal purposes. Sensitive digital images have been a core part of security correspondences between sensitive institutions. Such sensitive digital images security has been a prime concern. The advancement in technology has made it easy for unauthorized persons to manipulate and illegally use sensitive digital images that are been acquired, processed, compressed, stored, broadcasted, and reproduced. This has necessitated the authentication of digital images. In this paper we propose SHA - 256 to validate digital forensic images.","PeriodicalId":226799,"journal":{"name":"2019 International Conference on Cyber Security and Internet of Things (ICSIoT)","volume":"145 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128123643","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2019-05-01DOI: 10.1109/ICSIoT47925.2019.00021
S. Alornyo, Kingsford Kissi Mireku, Abraham Tonny-Hagan, Xiong Hu
An attack continuum perpetuated by an insider (Mobile Money Wallet Service Provider) is paramount in this era of data intelligent and analytics. Mobile Money Wallet Service Providers (MMWSP) are entrusted to keep our sensitive information such as tokens and other mobile financial transactions secured for users to query and exchange token information. However, it is possible for the mobile money wallet service provider (insider) to peddle with user's data stored on it's server for economic gains. we put forward a novel mobile money wallet security against insider attack using identity based cryptography. Our novel scheme resist an insider from peddling user's data for economic gains. The scheme adopts the witness based cryptographic primitive. Finally, The security of our scheme is demonstrated by the use of random oracle model.
{"title":"Mobile Money Wallet Security against Insider Attack Using ID-Based Cryptographic Primitive with Equality Test","authors":"S. Alornyo, Kingsford Kissi Mireku, Abraham Tonny-Hagan, Xiong Hu","doi":"10.1109/ICSIoT47925.2019.00021","DOIUrl":"https://doi.org/10.1109/ICSIoT47925.2019.00021","url":null,"abstract":"An attack continuum perpetuated by an insider (Mobile Money Wallet Service Provider) is paramount in this era of data intelligent and analytics. Mobile Money Wallet Service Providers (MMWSP) are entrusted to keep our sensitive information such as tokens and other mobile financial transactions secured for users to query and exchange token information. However, it is possible for the mobile money wallet service provider (insider) to peddle with user's data stored on it's server for economic gains. we put forward a novel mobile money wallet security against insider attack using identity based cryptography. Our novel scheme resist an insider from peddling user's data for economic gains. The scheme adopts the witness based cryptographic primitive. Finally, The security of our scheme is demonstrated by the use of random oracle model.","PeriodicalId":226799,"journal":{"name":"2019 International Conference on Cyber Security and Internet of Things (ICSIoT)","volume":"35 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121581653","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2019-05-01DOI: 10.1109/ICSIoT47925.2019.00019
Abel Yeboah-Ofori, C. Boachie
Due to the invincibility nature of cyber attacks onthe cyber supply chain (CSC), and the cascading effects ofmalware infections, we use machine learning to predictattacks. As organizations have become more reliant on CSCsystems for business continuity, so are the increase invulnerabilities and the threat landscapes. Some traditionalapproach to detecting and defending malware attack haslargely been antimalware or antivirus software such asspam filters, firewall, and IDS/IPS. These tools largelysucceed, however, as threat actors get more intelligent, theyare able to circumvent and affect nodes on systems whichthen propagates. In our previous work, we characterizedthreat actor activities, including presumed intent andhistorically observed behaviour, for the purpose ofascertaining the current threats that could be exploited. Inthis paper, we use ML techniques to learn dataset andpredict which CSC nodes have detection or no detection. The purpose is to predict which modes are venerable tocyberattacks and for predicting future trends. Todemonstrate the applicability of our approach, we used adataset from Microsoft Malware Prediction website. Further, an ensemble is used to link Logistic Regression, and Decision Tree and SVM algorithms in Majority Votingand run on the training data and then use 10-fold crossvalidation to test the parameter estimation, accurate resultsand predictions. The results show that ML algorithms inDecision Trees methods can be used in cyber supply chainpredict analytics to detect and predict future cyber attacktrends.
{"title":"Malware Attack Predictive Analytics in a Cyber Supply Chain Context Using Machine Learning","authors":"Abel Yeboah-Ofori, C. Boachie","doi":"10.1109/ICSIoT47925.2019.00019","DOIUrl":"https://doi.org/10.1109/ICSIoT47925.2019.00019","url":null,"abstract":"Due to the invincibility nature of cyber attacks onthe cyber supply chain (CSC), and the cascading effects ofmalware infections, we use machine learning to predictattacks. As organizations have become more reliant on CSCsystems for business continuity, so are the increase invulnerabilities and the threat landscapes. Some traditionalapproach to detecting and defending malware attack haslargely been antimalware or antivirus software such asspam filters, firewall, and IDS/IPS. These tools largelysucceed, however, as threat actors get more intelligent, theyare able to circumvent and affect nodes on systems whichthen propagates. In our previous work, we characterizedthreat actor activities, including presumed intent andhistorically observed behaviour, for the purpose ofascertaining the current threats that could be exploited. Inthis paper, we use ML techniques to learn dataset andpredict which CSC nodes have detection or no detection. The purpose is to predict which modes are venerable tocyberattacks and for predicting future trends. Todemonstrate the applicability of our approach, we used adataset from Microsoft Malware Prediction website. Further, an ensemble is used to link Logistic Regression, and Decision Tree and SVM algorithms in Majority Votingand run on the training data and then use 10-fold crossvalidation to test the parameter estimation, accurate resultsand predictions. The results show that ML algorithms inDecision Trees methods can be used in cyber supply chainpredict analytics to detect and predict future cyber attacktrends.","PeriodicalId":226799,"journal":{"name":"2019 International Conference on Cyber Security and Internet of Things (ICSIoT)","volume":"40 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123915575","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2019-05-01DOI: 10.1109/ICSIoT47925.2019.00009
Kester Quist-Aphetsi, Henry Blankson
To maintain and ensure that the quality of water produced from the water treatment plant and the same quality is delivered to customers, there is the need to create a mechanism called the Data Logging System, where data will be collected from strategic points along the distribution pipe line, using sensors planted on the distribution line and if there is any change in one of the characteristics of the quality of the water, it could quickly be detected remotely using a distributed system. The purpose of this paper is to propose a hybrid data logging system by using cryptographic hash blocks based on Secure Hash Function 256 (SHA-256) and Message Digest 5 (MD5) to monitor the quality of water produced from the water treatment plant to the customers. The hash functions generated at the data logging centre using cryptographic hash blocks based on SHA-256 and MD5 (Hybrid) will be secured and very difficult to attack because it was stored using the Blockchain technology.
{"title":"A Hybrid Data Logging System Using Cryptographic Hash Blocks Based on SHA-256 and MD5 for Water Treatment Plant and Distribution Line","authors":"Kester Quist-Aphetsi, Henry Blankson","doi":"10.1109/ICSIoT47925.2019.00009","DOIUrl":"https://doi.org/10.1109/ICSIoT47925.2019.00009","url":null,"abstract":"To maintain and ensure that the quality of water produced from the water treatment plant and the same quality is delivered to customers, there is the need to create a mechanism called the Data Logging System, where data will be collected from strategic points along the distribution pipe line, using sensors planted on the distribution line and if there is any change in one of the characteristics of the quality of the water, it could quickly be detected remotely using a distributed system. The purpose of this paper is to propose a hybrid data logging system by using cryptographic hash blocks based on Secure Hash Function 256 (SHA-256) and Message Digest 5 (MD5) to monitor the quality of water produced from the water treatment plant to the customers. The hash functions generated at the data logging centre using cryptographic hash blocks based on SHA-256 and MD5 (Hybrid) will be secured and very difficult to attack because it was stored using the Blockchain technology.","PeriodicalId":226799,"journal":{"name":"2019 International Conference on Cyber Security and Internet of Things (ICSIoT)","volume":"19 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124885947","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2019-05-01DOI: 10.1109/ICSIoT47925.2019.00023
Abel Yeboah-Ofori, E. Yeboah-Boateng, Herbert Gustav Yankson
Digital forensic investigations (DFI) is a process of investigating computers and its associated media to determine whether it has been used to commit a crime or gain unauthorized access. cyberattacks and cybercrimes can be committed globally but reported locally. However, DFI processes vary relative to a particular jurisdiction. Relativism is the perception of universal norms of what is right and wrong or legal and illegal. Although cybercrimes are illegal, what constitutes illegal is relative to a jurisdiction. Cyber espionage attacks may be considered legal or illegal based on economic advantage for someone or as target for attack based on motive and intent. Further, following legal procedures in evidence gathering at a digital crime scene is critical for prosecution. However, there are challenges in gathering evidence using the existing DFI models on all attacks. UNODC, report on the globalization of cybercrimes highlighted the challenges of cybercrime and ranked some emerging economies among the first 10 offending nations globally. There are existing models that are specific to certain jurisdictions and assist the judiciary, law enforcement agencies, and forensic experts. Consequently, presenting digital forensic evidence in court has proved to be challenging, due to a lack of procedures and DFI models specific to emerging economies. In this paper, we identify the phase that is relevant and could facilitate DFI processes from emerging economies' perspective. Further, we review some existing models to determine their relative procedures. This paper does not negate existing models, rather derives a relative model from existing models. We propose a model that will improve the DFI process from the result of the evaluation with inference from international standards.
{"title":"Relativism Digital Forensics Investigations Model: A Case for the Emerging Economies","authors":"Abel Yeboah-Ofori, E. Yeboah-Boateng, Herbert Gustav Yankson","doi":"10.1109/ICSIoT47925.2019.00023","DOIUrl":"https://doi.org/10.1109/ICSIoT47925.2019.00023","url":null,"abstract":"Digital forensic investigations (DFI) is a process of investigating computers and its associated media to determine whether it has been used to commit a crime or gain unauthorized access. cyberattacks and cybercrimes can be committed globally but reported locally. However, DFI processes vary relative to a particular jurisdiction. Relativism is the perception of universal norms of what is right and wrong or legal and illegal. Although cybercrimes are illegal, what constitutes illegal is relative to a jurisdiction. Cyber espionage attacks may be considered legal or illegal based on economic advantage for someone or as target for attack based on motive and intent. Further, following legal procedures in evidence gathering at a digital crime scene is critical for prosecution. However, there are challenges in gathering evidence using the existing DFI models on all attacks. UNODC, report on the globalization of cybercrimes highlighted the challenges of cybercrime and ranked some emerging economies among the first 10 offending nations globally. There are existing models that are specific to certain jurisdictions and assist the judiciary, law enforcement agencies, and forensic experts. Consequently, presenting digital forensic evidence in court has proved to be challenging, due to a lack of procedures and DFI models specific to emerging economies. In this paper, we identify the phase that is relevant and could facilitate DFI processes from emerging economies' perspective. Further, we review some existing models to determine their relative procedures. This paper does not negate existing models, rather derives a relative model from existing models. We propose a model that will improve the DFI process from the result of the evaluation with inference from international standards.","PeriodicalId":226799,"journal":{"name":"2019 International Conference on Cyber Security and Internet of Things (ICSIoT)","volume":"245 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132649301","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2019-05-01DOI: 10.1109/ICSIoT47925.2019.00013
Michael Christopher Xenya, Kester Quist-Aphetsi
Due to the fact that financial data stands a great risk of attack, several schemes are being deployed to ensure security and integrity of financial data. In considering the security of the financial transaction data, it is essential to consider a network that ensure that processing nodes would have copies of the financial accounting ledger so as to prevent complete when a section of the network fails. In this article we propose an application of a blockchain to financial transaction data backup mechanism over a decentralized network. By using a decentralized distributed blockchain ledger, each node can have a copy of the transaction data such that, failure in one node does not engender a total failure in transaction data. The system have been described and simulated using the element of account ledger which consist of credit and debit transaction accompanied by timestamps and transaction ID. To secure this information in the chain each block contains in addition to the account ledger information a hash of the previous block as well as the hash of the current block.
{"title":"Decentralized Distributed Blockchain Ledger for Financial Transaction Backup Data","authors":"Michael Christopher Xenya, Kester Quist-Aphetsi","doi":"10.1109/ICSIoT47925.2019.00013","DOIUrl":"https://doi.org/10.1109/ICSIoT47925.2019.00013","url":null,"abstract":"Due to the fact that financial data stands a great risk of attack, several schemes are being deployed to ensure security and integrity of financial data. In considering the security of the financial transaction data, it is essential to consider a network that ensure that processing nodes would have copies of the financial accounting ledger so as to prevent complete when a section of the network fails. In this article we propose an application of a blockchain to financial transaction data backup mechanism over a decentralized network. By using a decentralized distributed blockchain ledger, each node can have a copy of the transaction data such that, failure in one node does not engender a total failure in transaction data. The system have been described and simulated using the element of account ledger which consist of credit and debit transaction accompanied by timestamps and transaction ID. To secure this information in the chain each block contains in addition to the account ledger information a hash of the previous block as well as the hash of the current block.","PeriodicalId":226799,"journal":{"name":"2019 International Conference on Cyber Security and Internet of Things (ICSIoT)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133132070","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: