Pub Date : 2014-09-01DOI: 10.1109/AsiaJCIS.2014.30
Shinichi Matsumoto, K. Sakurai
Web browser is a growing platform for the execution of various applications. There are large fractions of smartphone platforms that support the execution of web technology based application, especially one such as HTML 5. However there are also some emerging smartphone platforms that only support web technology based applications. Taking into the considerations of these situations may lead to a higher importance of forensic investigations on artifacts within the web browser bringing about the usefulness of the HTML5 specific attributes as evidences in mobile forensics. Through this paper, we explore the results of experiments that acquire the main memory image within terminal and extract the webStorage data as an evidence of the browsing activity. The memory forensics of web browsing activity is highly concerned. The evidences gathered from the HTML5 webStorage contents acquired from the main memory image are examined and the results of the observations indicate the ability to retrieve webStorage from the memory image is certain. Therefore, we proclaimed formats of evidences that are retrievable from the main memory. The formats were different depending on the type of web browser accessed. Three most utilized web browsers are experimented in this paper namely, Google Chrome, Mozilla Firefox and Microsoft Internet Explorer. The results showed that the acquisition of webStorage content on the browsers were possible and elucidated its formats. Values of webStorage is contained in the residuals that left by all of three web browsers. Therefore, if the investigator has the knowledge of values, he will be able to find the location of the evidence to hint values. If the investigator does not have the knowledge about the value, then he can explore the evidence based on the knowledge of the origin or key. Because the format of the evidence depends on Web browser, investigator must use different search techniques according to the Web browser.
Web浏览器是执行各种应用程序的一个不断发展的平台。有很大一部分智能手机平台支持基于web技术的应用程序的执行,尤其是HTML 5。然而,也有一些新兴的智能手机平台只支持基于web技术的应用程序。考虑到这些情况,可能会导致对web浏览器内的工件的取证调查变得更加重要,从而带来HTML5特定属性作为移动取证证据的有用性。通过本文,我们探索了在终端内获取主存储器图像并提取webStorage数据作为浏览活动证据的实验结果。web浏览活动的内存取证备受关注。对从主记忆图像中获取的HTML5 webStorage内容收集的证据进行了检查,观察结果表明,从记忆图像中检索webStorage的能力是确定的。因此,我们宣布了从主存储器中可检索的证据格式。格式根据访问的web浏览器类型而不同。本文实验了三种最常用的网页浏览器,即Google Chrome, Mozilla Firefox和Microsoft Internet Explorer。结果表明,在浏览器上获取webStorage内容是可能的,并阐明了其格式。webStorage的值包含在所有三个web浏览器留下的残差中。因此,如果侦查人员有价值的知识,他将能够找到证据提示价值的位置。如果调查人员不知道价值,那么他可以根据对来源或关键的了解来探索证据。由于证据的格式依赖于网络浏览器,侦查人员必须根据不同的浏览器使用不同的检索技术。
{"title":"Acquisition of Evidence of Web Storage in HTML5 Web Browsers from Memory Image","authors":"Shinichi Matsumoto, K. Sakurai","doi":"10.1109/AsiaJCIS.2014.30","DOIUrl":"https://doi.org/10.1109/AsiaJCIS.2014.30","url":null,"abstract":"Web browser is a growing platform for the execution of various applications. There are large fractions of smartphone platforms that support the execution of web technology based application, especially one such as HTML 5. However there are also some emerging smartphone platforms that only support web technology based applications. Taking into the considerations of these situations may lead to a higher importance of forensic investigations on artifacts within the web browser bringing about the usefulness of the HTML5 specific attributes as evidences in mobile forensics. Through this paper, we explore the results of experiments that acquire the main memory image within terminal and extract the webStorage data as an evidence of the browsing activity. The memory forensics of web browsing activity is highly concerned. The evidences gathered from the HTML5 webStorage contents acquired from the main memory image are examined and the results of the observations indicate the ability to retrieve webStorage from the memory image is certain. Therefore, we proclaimed formats of evidences that are retrievable from the main memory. The formats were different depending on the type of web browser accessed. Three most utilized web browsers are experimented in this paper namely, Google Chrome, Mozilla Firefox and Microsoft Internet Explorer. The results showed that the acquisition of webStorage content on the browsers were possible and elucidated its formats. Values of webStorage is contained in the residuals that left by all of three web browsers. Therefore, if the investigator has the knowledge of values, he will be able to find the location of the evidence to hint values. If the investigator does not have the knowledge about the value, then he can explore the evidence based on the knowledge of the origin or key. Because the format of the evidence depends on Web browser, investigator must use different search techniques according to the Web browser.","PeriodicalId":354543,"journal":{"name":"2014 Ninth Asia Joint Conference on Information Security","volume":"24 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122348402","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
In 1993, Smith and Lennon described a new public key cryptosystem based on a Lucas sequences, called Lucas cryptosystem (LUC). Its construction is similar to RSA, but its computing faster and using smaller key size than RSA with the same security strength. In this paper, we presented a new hardcore predicate of LUC and proved its security by the list decoding method developed by Akavia et al.
{"title":"Bit Security for Lucas-Based One-Way Function","authors":"Si-Wei Ren, Ke Lu","doi":"10.1109/AsiaJCIS.2014.9","DOIUrl":"https://doi.org/10.1109/AsiaJCIS.2014.9","url":null,"abstract":"In 1993, Smith and Lennon described a new public key cryptosystem based on a Lucas sequences, called Lucas cryptosystem (LUC). Its construction is similar to RSA, but its computing faster and using smaller key size than RSA with the same security strength. In this paper, we presented a new hardcore predicate of LUC and proved its security by the list decoding method developed by Akavia et al.","PeriodicalId":354543,"journal":{"name":"2014 Ninth Asia Joint Conference on Information Security","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128625733","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2014-09-01DOI: 10.1109/AsiaJCIS.2014.15
Juanjuan Li, Zhenhua Liu, Longhui Zu
This paper presents a novel cipher text-policy attribute-based multi-use unidirectional proxy re-encryption scheme. In the proposed scheme, the tree access policy can be used to handle and (¡Ä), or (¡Å) and threshold (of) operators. We first formalize the security definition against chosen cipher text attack for cipher text-policy attribute-based multi-use unidirectional proxy re-encryption schemes, and then prove the proposed scheme to be secure under ADBDH assumption in the standard model. Furthermore, compared with other cipher text policy attribute-based proxy re-encryption schemes, our scheme is more efficient and allows the encryptor to control whether the cipher text need to be re-encrypted.
{"title":"Chosen-Ciphertext Secure Multi-use Unidirectional Attribute-Based Proxy Re-Encryptions","authors":"Juanjuan Li, Zhenhua Liu, Longhui Zu","doi":"10.1109/AsiaJCIS.2014.15","DOIUrl":"https://doi.org/10.1109/AsiaJCIS.2014.15","url":null,"abstract":"This paper presents a novel cipher text-policy attribute-based multi-use unidirectional proxy re-encryption scheme. In the proposed scheme, the tree access policy can be used to handle and (¡Ä), or (¡Å) and threshold (of) operators. We first formalize the security definition against chosen cipher text attack for cipher text-policy attribute-based multi-use unidirectional proxy re-encryption schemes, and then prove the proposed scheme to be secure under ADBDH assumption in the standard model. Furthermore, compared with other cipher text policy attribute-based proxy re-encryption schemes, our scheme is more efficient and allows the encryptor to control whether the cipher text need to be re-encrypted.","PeriodicalId":354543,"journal":{"name":"2014 Ninth Asia Joint Conference on Information Security","volume":"54 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127038293","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2014-01-26DOI: 10.1109/AsiaJCIS.2014.29
Canyong Wang, Yaokai Feng, Junpei Kawamoto, Y. Hori, K. Sakurai
The frequency and the extent of damages caused by network attacks have been actually increasing greatly in recent years, although many approaches to avoiding and detecting attacks have been proposed in the community of network security. Thus, how to fast detect actual or potential attacks has become an urgent issue. Among the detection strategies, behavior-based ones, which use normal access patterns learned from reference data (e.g., History traffic) to detect new attacks, have attracted attention from many researchers. In each of all such strategies, a learning algorithm is necessary and plays a key role. Obviously, whether the learning algorithm can extract the normal behavior modes properly or not directly influence the detection result. However, some parameters have to determine in advance in the existing learning algorithms, which is not easy, even not feasible, in many actual applications. For example, even in the newest learning algorithm, which called FHST learning algorithm in this study, two parameters are used and they are difficult to be determined in advance. In this study, we propose a parameter less learning algorithm for the first time, in which no parameters are used. The efficiency of our proposal is verified by experiment. Although the proposed learning algorithm in this study is designed for detecting port scans, it is obviously able to be used to other behavior-based detections.
{"title":"A Parameterless Learning Algorithm for Behavior-Based Detection","authors":"Canyong Wang, Yaokai Feng, Junpei Kawamoto, Y. Hori, K. Sakurai","doi":"10.1109/AsiaJCIS.2014.29","DOIUrl":"https://doi.org/10.1109/AsiaJCIS.2014.29","url":null,"abstract":"The frequency and the extent of damages caused by network attacks have been actually increasing greatly in recent years, although many approaches to avoiding and detecting attacks have been proposed in the community of network security. Thus, how to fast detect actual or potential attacks has become an urgent issue. Among the detection strategies, behavior-based ones, which use normal access patterns learned from reference data (e.g., History traffic) to detect new attacks, have attracted attention from many researchers. In each of all such strategies, a learning algorithm is necessary and plays a key role. Obviously, whether the learning algorithm can extract the normal behavior modes properly or not directly influence the detection result. However, some parameters have to determine in advance in the existing learning algorithms, which is not easy, even not feasible, in many actual applications. For example, even in the newest learning algorithm, which called FHST learning algorithm in this study, two parameters are used and they are difficult to be determined in advance. In this study, we propose a parameter less learning algorithm for the first time, in which no parameters are used. The efficiency of our proposal is verified by experiment. Although the proposed learning algorithm in this study is designed for detecting port scans, it is obviously able to be used to other behavior-based detections.","PeriodicalId":354543,"journal":{"name":"2014 Ninth Asia Joint Conference on Information Security","volume":"449 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-01-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115610617","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: