Chapter 8: On the Use of Hash Functions in. Computer Forensics
|
|
- Alexia Cannon
- 8 years ago
- Views:
Transcription
1 Harald Baier Hash Functions in Forensics / WS 2011/2012 2/41 Chapter 8: On the Use of Hash Functions in Computer Forensics Harald Baier Hochschule Darmstadt, CASED WS 2011/2012 Harald Baier Hash Functions in Forensics / WS 2011/2012 1/41 Fuzzy Hashing
2 Harald Baier Hash Functions in Forensics / WS 2011/2012 4/41 Fuzzy Hashing Harald Baier Hash Functions in Forensics / WS 2011/2012 3/41 Use Case: Prosecution 1. Police and prosecutors confronted with different storage media: Hard disk drives, solid-state drives, USB sticks. Mobile phones, SIM cards. Digital cameras, digital camcorders, SD cards. CDs, DVDs. RAM (dumps) Amount of distrained data often exceeds 1 terabyte.
3 Harald Baier Hash Functions in Forensics / WS 2011/2012 6/41 Different views of 1 terabyte 1 terabyte of digital text is (approximately) equal to: 1. 1 trillion characters: 1 character = 1 byte million pages: 1 page = 5000 characters years of printing time: 20 sheets per minute million kg of paper: onesided printed. 5. Paper stack of 22 km height: bulk of 0.1 mm. Harald Baier Hash Functions in Forensics / WS 2011/2012 5/41 Finding relevant files resembles... Source: tu-harburg.de Source: beepworld.de
4 Harald Baier Hash Functions in Forensics / WS 2011/2012 8/41... or is it solved for suspect files? Harald Baier Hash Functions in Forensics / WS 2011/2012 7/41 Fuzzy Hashing
5 Harald Baier Hash Functions in Forensics / WS 2011/ /41 Definition and Security Applications 1. A hash function h is a function with two properties: Compression: h : {0, 1} {0, 1} n. Ease of computation: Computation of h(m) is fast in practice. 2. Notation: m is a document (e.g. a file, a device). h(m) its hash value or digest. 3. Sample security applications: Storage of passwords. Electronic signatures (MAC, asymmetric signatures). Computer forensics. Harald Baier Hash Functions in Forensics / WS 2011/2012 9/41 Hash Functions in Cryptography For use in cryptography, we have to impose further conditions: 1. Preimage Resistance: Let a hash value H {0, 1} n be given. It is infeasible in practice to find an input (i.e. a document m) with H = h(m). 2. Second Preimage Resistance: Let a document m {0, 1} be given. It is infeasible in practice to find a second document m with m m and h(m) = h(m ). 3. Collision Resistance: It is infeasible in practice to find any two documents m, m with m m and h(m) = h(m ).
6 Harald Baier Hash Functions in Forensics / WS 2011/ /41 Avalanche Effect 1. Let m and h(m) be given. If m is replaced by m, h(m ) behaves pseudo randomly. = No control over the output, if the input is changed. 2. Consequences: If only one bit in m is changed to get m, the two outputs h(m) and h(m ) look very different. Every bit in h(m ) changes with probability 50%, independently of the number of different bits in m. Harald Baier Hash Functions in Forensics / WS 2011/ /41 Sample Cryptographic Hash Functions Name MD5 SHA-1 SHA-256 SHA-512 RIPEMD-160 n Demo: 1. Computation of hash values using openssl. 2. Avalanche effect. 3. Performance.
7 Harald Baier Hash Functions in Forensics / WS 2011/ /41 Fuzzy Hashing Harald Baier Hash Functions in Forensics / WS 2011/ /41 Use Cases 1. Ensure authenticity and integrity during data acquisition. Relevant for both dead and live analysis. Hash values must be protected: Written down by hand in investigation notebook. Compute a digital signature over it. 2. Identify known files: Whitelisting: Known to be good files. Blacklisting: Known to be bad files. 3. Bloom filters to efficiently identify a large set of files. Relevant security property of the hash function: Second-preimage resistance.
8 Harald Baier Hash Functions in Forensics / WS 2011/ /41 Data Acquisition: Dead analysis 1. Investigation is performed on a copy. 2. Main goal of hashing: Preserve chain of custody. 3. Common approach for a storage medium: Compute hash value h1 over the whole original volume. Write hash value h1 down in physical logbook. Make a 1-to-1 copy of the volume using dd. Compute hash value h 2 over the copy. Write hash value h2 down in physical logbook. Work read-only on copy. To prove chain of custody, compute h 2 again and check, if h 1 = h 2 holds. Harald Baier Hash Functions in Forensics / WS 2011/ /41 Example: Save first partition of a HDD Chain of custody preserved $ openssl dgst -sha1 /dev/hda1 SHA1(/dev/hda1)= c1e4449bfd504b60e85447afaa3cd100f7e59dad $ dd if=/dev/hda1 of=image-hda1.dd bs=512 $ openssl dgst -sha1 image-hda1.dd SHA1(image-hda1.dd)= c1e4449bfd504b60e85447afaa3cd100f7e59dad [INVESTIGATE read-only image-hda1.dd] $ openssl dgst -sha1 image-hda1.dd SHA1(image-hda1.dd)= c1e4449bfd504b60e85447afaa3cd100f7e59dad
9 Harald Baier Hash Functions in Forensics / WS 2011/ /41 Example: Save first partition of a HDD Chain of custody destroyed $ openssl dgst -sha1 /dev/hda1 SHA1(/dev/hda1)= c1e4449bfd504b60e85447afaa3cd100f7e59dad $ dd if=/dev/hda1 of=image-hda1.dd bs=512 $ openssl dgst -sha1 image-hda1.dd SHA1(image-hda1.dd)= c1e4449bfd504b60e85447afaa3cd100f7e59dad [INVESTIGATE read-only image-hda1.dd] $ openssl dgst -sha1 image-hda1.dd SHA1(image-hda1.dd)= 568c68d97baf f509343b8b02d324e3d8 Harald Baier Hash Functions in Forensics / WS 2011/ /41 Hash Functions in Data Acquisition: Assessment 1. Key problem: If original and copy differ by at least 1 bit, the chain of custody is broken. 2. Solutions: Compute hashes over smaller pieces of the input (e.g. file system blocks). This leads to segment hashes. Perform a binary search over original and copy to find differences.
10 Harald Baier Hash Functions in Forensics / WS 2011/ /41 Whitelisting 1. Underlying Idea: Generate a database of known to be good files. Let G denote this set. Identify automatically an unsuspicious file on base of its hash value, which matches a fingerprint of a file in G. Exclude a known to be good file from further investigation. Significant reduction of irrelevant data. 2. Examples of unsuspicious files: System files of operating systems. Well-known benign applications like browsers, editors, Widespread database: Reference Data Set (RDS) of the National Software Reference Library (NSRL), maintained by NIST Harald Baier Hash Functions in Forensics / WS 2011/ /41 NSRL-RDS 1. Website 2. Current download version: RDS 2.34 from October Original software is kept to ensure court worthiness. 4. Propagated via CD. Download of iso-images from website via http. 5. RDS 2.34 comprises four iso-images of about 1.2 GB size. 6. Contains files and unique SHA-1 values (due to duplications across different software distributions) 7. Entries are arranged according to the SHA-1 values.
11 Harald Baier Hash Functions in Forensics / WS 2011/ /41 NSRL-RDS Sample entries $ less NSRLFile.txt "SHA-1","MD5","CRC32","FileName","FileSize","ProductCode","OpSystemCode","SpecialCode" " EDD92C4E3D2E F849","392126E756571EBF112CB1C1CDEDF926","EBD105A0","I05002T2.PFB",98865 " DA6391F7F5D2F7FCCF36CEBDA60C6EA02","0E53C14A3E48D94FF596A B492","AA6A7B16","00br2026.gif",2226, "000000A9E47BD385A0A3685AA12C2DB6FD727A20","176308F27DD52890F013A3FD80F92E51","D749B562","femvo523.wav",42748 " AFA836117B1B572FAE4713F200567","9B3702B0E788C6D FE3C9786A","05E566DF","J JPG",32768 " AFA836117B1B572FAE4713F200567","9B3702B0E788C6D FE3C9786A","05E566DF","J JPG",32768 " AFA836117B1B572FAE4713F200567","9B3702B0E788C6D FE3C9786A","05E566DF","J JPG",32768 " AFA836117B1B572FAE4713F200567","9B3702B0E788C6D FE3C9786A","05E566DF","J JPG",32768 " AFA836117B1B572FAE4713F200567","9B3702B0E788C6D FE3C9786A","05E566DF","J JPG",32768 " AFA836117B1B572FAE4713F200567","9B3702B0E788C6D FE3C9786A","05E566DF","J JPG",32768 "SHA-1","MD5","CRC32","FileName","FileSize","ProductCode",\\ "OpSystemCode","SpecialCode" " EDD92C4E3D2E F849",\\ "392126E756571EBF112CB1C1CDEDF926",\\ "EBD105A0","I05002T2.PFB",98865,3095,"WIN","" Harald Baier Hash Functions in Forensics / WS 2011/ /41 Whitelisting: Anti-detection 1. Task: Find a suspicious file s with h(s) = h(g): Attacker has to solve the second preimage problem for some g G. As of today hardly possible (even for MD5). If RDS is used, both SHA-1 and MD5 preimages have to be found. 2. Attack the whitelist: Breach integrity and authenticity of whitelist. Example: Attack the distribution channel. If RDS is downloaded via http, spoofing is possible.
12 Harald Baier Hash Functions in Forensics / WS 2011/ /41 Whitelisting: Assessment 1. General assessment: Well-known and established process in computer forensics. If database is trusted, no false positives (positive = benign). 2. Possible bottleneck: Size of database. Size of database is increasing. Currently RDS is about 6 gigabyte. Harald Baier Hash Functions in Forensics / WS 2011/ /41 Blacklisting 1. Underlying idea: Generate a database of known to be bad files. Let B denote this set. Find automatically a suspicious file on base of its fingerprint, which matches a fingerprint of a file in B. 2. Sample suspect files: Malware. Encryption or steganographic software. Corporate secrets. IPR protected files. Child pornography.
13 Harald Baier Hash Functions in Forensics / WS 2011/ /41 Blacklisting: Evaluation 1. Anti-detection approach: Let a suspicious file b B be given. Change some (irrelevant) bit of b to get b. Consequence: h(b ) is very different from h(b). b is not detected automatically. 2. Core problem: Cryptographic requirements of a hash function and forensic goals are complementary. A suspicious file similar to an element of B is not detected. 3. Fragments of elements of B are not identified, too. Harald Baier Hash Functions in Forensics / WS 2011/ /41 Fuzzy Hashing
14 Harald Baier Hash Functions in Forensics / WS 2011/ /41 Goals 1. Overcome drawbacks of cryptographic hash functions in the context of computer forensics. 2. Main drawbacks are: Data acquisition: Integrity of copy is destroyed, if some bits change. White-/Blacklisting: Suspect files similar to known to be bad files are not detected. Fragments are not detected (due to deletion, fragmentation). 3. Currently known approaches: Segment hashes (also called block hashes): Tool dcfldd. Context-triggered piecewise hashes: Tool ssdeep. Similarity digests: Tool sdhash. Harald Baier Hash Functions in Forensics / WS 2011/ /41 Segment Hashes 1. Underlying idea: Split input data (volume, file) in blocks of fixed length. Compute for each segment its cryptographic hash. Lookup in hash database for matches. 2. Original aim: Improve integrity of storage media.
15 Harald Baier Hash Functions in Forensics / WS 2011/ /41 Segment Hashes: Example from NIST 1. Sample tool of Nicholas Harbour (since 2002): dcfldd: An extension of dd. Department of Defense Computer Forensics Laboratory. Provides MD5, SHA-1, SHA-2 family. 2. Evaluation by NIST (Douglas White, 2008): Hashing of File Blocks: When Exact Matches are not Useful. NIST worked on Windows 2000 and XP OS files. Main result: File-based data reduction leaves an average 30% of disk space for human investigation. Incorporating block hashes reduces this to an average of 15%. Assist in recognising wiped media. Harald Baier Hash Functions in Forensics / WS 2011/ /41 Example: Save first partition of a HDD Chain of custody preserved $ dcfldd if=/dev/hda1 of=image-hda1.dd bs=512 hashwindow=4096 hash=sha : da0bd2b16c7cd5acb5695e9d81fb6d832cba85312d87e08d0c675e41b608de : 281f4b8ac2dcda0f3fd9a0642a694fedf829d7567a531b1cfc8925f94eebe7a : 1c05a3c7251b666c1ec4a2b689e25f95a92a311613ce685fdf7cbf e : 6c9c17f271f18587bcccf8f9c6154b4bff764664a3eb8ddf c5c4698b : c61cd658e73450dfb0dfc9a1d83cdbddd162d9194d81f27f0516bb107280e841 [REMOVED] $ dcfldd if=image-hda1.dd of=/dev/null bs=512 hashwindow=4096 hash=sha : da0bd2b16c7cd5acb5695e9d81fb6d832cba85312d87e08d0c675e41b608de : 281f4b8ac2dcda0f3fd9a0642a694fedf829d7567a531b1cfc8925f94eebe7a : 1c05a3c7251b666c1ec4a2b689e25f95a92a311613ce685fdf7cbf e : 6c9c17f271f18587bcccf8f9c6154b4bff764664a3eb8ddf c5c4698b : c61cd658e73450dfb0dfc9a1d83cdbddd162d9194d81f27f0516bb107280e841 [REMOVED]
16 Harald Baier Hash Functions in Forensics / WS 2011/ /41 Example: Save first partition of a HDD Chain of custody partly destroyed $ dcfldd if=/dev/hda1 of=image-hda1.dd bs=512 hashwindow=4096 hash=sha : da0bd2b16c7cd5acb5695e9d81fb6d832cba85312d87e08d0c675e41b608de : 281f4b8ac2dcda0f3fd9a0642a694fedf829d7567a531b1cfc8925f94eebe7a : 1c05a3c7251b666c1ec4a2b689e25f95a92a311613ce685fdf7cbf e : 6c9c17f271f18587bcccf8f9c6154b4bff764664a3eb8ddf c5c4698b : c61cd658e73450dfb0dfc9a1d83cdbddd162d9194d81f27f0516bb107280e841 [REMOVED] $ dcfldd if=image-hda1.dd of=/dev/null bs=512 hashwindow=4096 hash=sha : da0bd2b16c7cd5acb5695e9d81fb6d832cba85312d87e08d0c675e41b608de : 281f4b8ac2dcda0f3fd9a0642a694fedf829d7567a531b1cfc8925f94eebe7a : 1c05a3c7251b666c1ec4a2b689e25f95a92a311613ce685fdf7cbf e : f361bc439d0fc4215eba5523cba663c5371d47c358d68b a29e972e : c61cd658e73450dfb0dfc9a1d83cdbddd162d9194d81f27f0516bb107280e841 [REMOVED] Harald Baier Hash Functions in Forensics / WS 2011/ /41 Segment Hashes: Evaluation 1. Anti-Blacklisting is very easy: Introduce an irrelevant byte in the first sector. All segment hashes differ from the stored segment hashes. Modified suspect file is not detected. Demo. 2. A good technique for whitelisting (see NIST results). 3. Size of segment hash database is large: 4096 byte block size, SHA-1. size of hash database size of raw data = = = 1 terabyte of raw data yields a 5 gigabyte hash database. 4. Hash database depends on the hashwindow size.
17 Harald Baier Hash Functions in Forensics / WS 2011/ /41 Context Triggered Piecewise Hashes 1. Underlying idea: Split input data (volume, file) in blocks of variable length. The end points of the blocks are determined by a rolling hash: Its value only depends on the current context. A window (e.g. of size 7 bytes) slides over the input. Context = Bytes of input data in the current window. If rolling hash matches a trigger value, an end point is set. Rolling hash function is assumed to be pseudo random: P F. Compute for every segment its cryptographic hash. The sequence of these segment hashes is the context triggered piecewise hash (CTPH) of the input. Lookup in hash database for matches. Harald Baier Hash Functions in Forensics / WS 2011/ /41 Context Triggered Piecewise Hashes 1. Originally proposed for spam detection (spamsum by Andrew Tridgell, 2002) 2. Ported to forensics by Jesse Kornblum, 2006: ssdeep.
18 Harald Baier Hash Functions in Forensics / WS 2011/ /41 Piecewise Hashes: The algorithm Harald Baier Hash Functions in Forensics / WS 2011/ /41 CTPH: A sample tool 1. ssdeep (based on spamsum). 2. Window size is CTPH is a sequence of printable characters: Only the least significant 6 bits (LS6B) of a segment hash are considered. LS6B are encoded base ssdeep decides about a match: On base of the edit distance (changing, inserting,... characters) of two CTPHs. 5. Demo. Edit distance is rescaled to a percentage match score.
19 Harald Baier Hash Functions in Forensics / WS 2011/ /41 CTPH: Sample Research Questions 1. Rolling hash: Shall be efficient and pseudo random. Current implementation is fast, but not pseudo random. Task: Find a slightly slower, but pseudo random rolling hash. 2. Fragment detection: Kornblum s approach fails, if fragments are much smaller than the original file. Task: Find a different approach. 3. Edit distance: Kornblum s approach addresses text files (due to spam detection). Task: Find a more general approach, which also addresses images, videos,... Harald Baier Hash Functions in Forensics / WS 2011/ /41 Fuzzy Hashing Fuzzy Hashing
20 Harald Baier Hash Functions in Forensics / WS 2011/ /41 Vision Fuzzy Hashing 1. Find a similarity preserving hash function. Fuzzy hash function, denoted by f. m and m are similar = f(m) and f(m ) are similar, too. 2. Find a general (forensic) metric to measure similarity: Let d : {0, 1} {0, 1} R + 0 be such a metric. d shall be applicable to txt, doc, odt, jpg, bmp, devices, f is a function with d(m 1, m 2 ) d(f(m 1 ), f(m 2 )). Harald Baier Hash Functions in Forensics / WS 2011/ /41 Fuzzy Hashing Fuzzy Hashing: Applications 1. Forensics (on the file level): Detect similar files. Blacklisting: Detect manipulated suspicious files. Find fragments of suspicious data. Whitelisting: Find changed unsuspicious files. 2. Biometrics: Template protection. 3. Malware: Detect obfuscated malware (e.g. metamorphic malware). 4. Junk mail detection.
21 Fuzzy Hashing Questions? Harald Baier Hash Functions in Forensics / WS 2011/ /41
Chapter 8 Hash functions in digital forensics Page 129
Page 129 In this chapter we describe the role of hash functions in digital forensics. Essentially hash functions are used for two main purposes: first, authenticity and integrity of digital traces are
More informationSecurity Aspects of Piecewise Hashing in Computer Forensics
Security Aspects of Piecewise Hashing in Computer Forensics Harald Baier Center for Advanced Security Research Darmstadt and Hochschule Darmstadt 64295 Darmstadt, Germany harald.baier@cased.de Frank Breitinger
More informationFuzzy Hashing for Digital Forensic Investigators Dustin Hurlbut - AccessData January 9, 2009
Fuzzy Hashing for Digital Forensic Investigators Dustin Hurlbut - AccessData January 9, 2009 Abstract Fuzzy hashing allows the investigator to focus on potentially incriminating documents that may not
More informationHow encryption works to provide confidentiality. How hashing works to provide integrity. How digital signatures work to provide authenticity and
How encryption works to provide confidentiality. How hashing works to provide integrity. How digital signatures work to provide authenticity and non-repudiation. How to obtain a digital certificate. Installing
More informationMSc Computer Security and Forensics. Examinations for 2009-2010 / Semester 1
MSc Computer Security and Forensics Cohort: MCSF/09B/PT Examinations for 2009-2010 / Semester 1 MODULE: COMPUTER FORENSICS & CYBERCRIME MODULE CODE: SECU5101 Duration: 2 Hours Instructions to Candidates:
More information2! Bit-stream copy. Acquisition and Tools. Planning Your Investigation. Understanding Bit-Stream Copies. Bit-stream Copies (contd.
Acquisition and Tools COMP 2555: Principles of Computer Forensics Autumn 2014 http://www.cs.du.edu/2555 1 Planning Your Investigation! A basic investigation plan should include the following activities:!
More informationLecture outline. Computer Forensics and Digital Investigation. Defining the word forensic. Defining Computer forensics. The Digital Investigation
Computer Forensics and Digital Investigation Computer Security EDA263, lecture 14 Ulf Larson Lecture outline! Introduction to Computer Forensics! Digital investigation! Conducting a Digital Crime Scene
More informationDigital Forensics Tutorials Acquiring an Image with FTK Imager
Digital Forensics Tutorials Acquiring an Image with FTK Imager Explanation Section Digital Forensics Definition The use of scientifically derived and proven methods toward the preservation, collection,
More informationNetwork Security (2) CPSC 441 Department of Computer Science University of Calgary
Network Security (2) CPSC 441 Department of Computer Science University of Calgary 1 Friends and enemies: Alice, Bob, Trudy well-known in network security world Bob, Alice (lovers!) want to communicate
More informationIntroduction to Computer Security
Introduction to Computer Security Hash Functions and Digital Signatures Pavel Laskov Wilhelm Schickard Institute for Computer Science Integrity objective in a wide sense Reliability Transmission errors
More informationDigital Evidence Search Kit
Digital Evidence Search Kit K.P. Chow, C.F. Chong, K.Y. Lai, L.C.K. Hui, K. H. Pun, W.W. Tsang, H.W. Chan Center for Information Security and Cryptography Department of Computer Science The University
More informationNational District Attorneys Association National Center for Prosecution of Child Abuse. Computer Forensics for Prosecutors
National District Attorneys Association National Center for Prosecution of Child Abuse Computer Forensics for Prosecutors February 18-19, 2013 Portland, Oregon Detective Michael Smith Computer Crimes &
More informationDigital Forensics Tutorials Acquiring an Image with Kali dcfldd
Digital Forensics Tutorials Acquiring an Image with Kali dcfldd Explanation Section Disk Imaging Definition Disk images are used to transfer a hard drive s contents for various reasons. A disk image can
More informationHash Functions. Integrity checks
Hash Functions EJ Jung slide 1 Integrity checks Integrity vs. Confidentiality! Integrity: attacker cannot tamper with message! Encryption may not guarantee integrity! Intuition: attacker may able to modify
More informationChapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography
Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography What Is Steganography? Steganography Process of hiding the existence of the data within another file Example:
More informationHASH CODE BASED SECURITY IN CLOUD COMPUTING
ABSTRACT HASH CODE BASED SECURITY IN CLOUD COMPUTING Kaleem Ur Rehman M.Tech student (CSE), College of Engineering, TMU Moradabad (India) The Hash functions describe as a phenomenon of information security
More informationSecureDoc Disk Encryption Cryptographic Engine
SecureDoc Disk Encryption Cryptographic Engine FIPS 140-2 Non-Proprietary Security Policy Abstract: This document specifies Security Policy enforced by SecureDoc Cryptographic Engine compliant with the
More informationElectronic Mail Security. Email Security. email is one of the most widely used and regarded network services currently message contents are not secure
Electronic Mail Security CSCI 454/554 Email Security email is one of the most widely used and regarded network services currently message contents are not secure may be inspected either in transit or by
More informationCryptographic Hash Functions Message Authentication Digital Signatures
Cryptographic Hash Functions Message Authentication Digital Signatures Abstract We will discuss Cryptographic hash functions Message authentication codes HMAC and CBC-MAC Digital signatures 2 Encryption/Decryption
More informationNetwork Security. Gaurav Naik Gus Anderson. College of Engineering. Drexel University, Philadelphia, PA. Drexel University. College of Engineering
Network Security Gaurav Naik Gus Anderson, Philadelphia, PA Lectures on Network Security Feb 12 (Today!): Public Key Crypto, Hash Functions, Digital Signatures, and the Public Key Infrastructure Feb 14:
More informationChapter 8 Security. IC322 Fall 2014. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012
Chapter 8 Security IC322 Fall 2014 Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 All material copyright 1996-2012 J.F Kurose and K.W. Ross, All
More informationDIGITAL FORENSIC INVESTIGATION, COLLECTION AND PRESERVATION OF DIGITAL EVIDENCE. Vahidin Đaltur, Kemal Hajdarević,
DIGITAL FORENSIC INVESTIGATION, COLLECTION AND PRESERVATION OF DIGITAL EVIDENCE Vahidin Đaltur, Kemal Hajdarević, Internacional Burch University, Faculty of Information Technlogy 71000 Sarajevo, Bosnia
More informationHow To Encrypt Data With Encryption
USING ENCRYPTION TO PROTECT SENSITIVE INFORMATION Commonwealth Office of Technology Security Month Seminars Alternate Title? Boy, am I surprised. The Entrust guy who has mentioned PKI during every Security
More informationChapter 7: Network security
Chapter 7: Network security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice: application layer: secure e-mail transport
More informationOverview of Cryptographic Tools for Data Security. Murat Kantarcioglu
UT DALLAS Erik Jonsson School of Engineering & Computer Science Overview of Cryptographic Tools for Data Security Murat Kantarcioglu Pag. 1 Purdue University Cryptographic Primitives We will discuss the
More informationCryptographic hash functions and MACs Solved Exercises for Cryptographic Hash Functions and MACs
Cryptographic hash functions and MACs Solved Exercises for Cryptographic Hash Functions and MACs Enes Pasalic University of Primorska Koper, 2014 Contents 1 Preface 3 2 Problems 4 2 1 Preface This is a
More informationNetwork Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide
Network Security [2] Public Key Encryption Also used in message authentication & key distribution Based on mathematical algorithms, not only on operations over bit patterns (as conventional) => much overhead
More informationPractical computer security
Practical computer security Željko Vrba University of Oslo (includes content by: Vera Goebel, Matija Pužar and Andrew Tannenbaum) What is computer security? Very broad term File system security Network
More informationPractice Questions. CS161 Computer Security, Fall 2008
Practice Questions CS161 Computer Security, Fall 2008 Name Email address Score % / 100 % Please do not forget to fill up your name, email in the box in the midterm exam you can skip this here. These practice
More informationHash Function JH and the NIST SHA3 Hash Competition
Hash Function JH and the NIST SHA3 Hash Competition Hongjun Wu Nanyang Technological University Presented at ACNS 2012 1 Introduction to Hash Function Hash Function Design Basics Hash function JH Design
More informationwinhex Disk Editor, RAM Editor PRESENTED BY: OMAR ZYADAT and LOAI HATTAR
winhex Disk Editor, RAM Editor PRESENTED BY: OMAR ZYADAT and LOAI HATTAR Supervised by : Dr. Lo'ai Tawalbeh New York Institute of Technology (NYIT)-Jordan X-Ways Software Technology AG is a stock corporation
More informationHow to Send Stealth Text From Your Cell Phone
anonymous secure decentralized SMS stealthtext transactions WHITEPAPER STATE OF THE ART 2/8 WHAT IS STEALTHTEXT? stealthtext is a way to send stealthcoin privately and securely using SMS texting. stealthtext
More informationSecure USB Flash Drive. Biometric & Professional Drives
Secure USB Flash Drive Biometric & Professional Drives I. CONTENTS II. INTRODUCTION... 2 OVERVIEW... 2 COPYRIGHTS AND TRADEMARKS... 2 III. SECURE FLASH DRIVE... 3 DESCRIPTION... 3 IV. MODULES OF SECURE
More informationERNW Newsletter 29 / November 2009
ERNW Newsletter 29 / November 2009 Dear Partners and Colleagues, Welcome to the ERNW Newsletter no. 29 covering the topic: Data Leakage Prevention A Practical Evaluation Version 1.0 from 19th of november
More informationSurvey of Disk Image Storage Formats
Survey of Disk Image Storage Formats Version 1.0 Common Digital Evidence Storage Format Working Group Digital Forensic Research Workshop September 1, 2006 Digital data that could be used as evidence are
More informationForensic Imaging and Artifacts analysis of Linux & Mac (EXT & HFS+)
Copyright: The development of this document is funded by Higher Education of Academy. Permission is granted to copy, distribute and /or modify this document under a license compliant with the Creative
More informationSignificance of Hash Value Generation in Digital Forensic: A Case Study
International Journal of Engineering Research and Development e-issn : 2278-067X, p-issn : 2278-800X, www.ijerd.com Volume 2, Issue 5 (July 2012), PP. 64-70 Significance of Hash Value Generation in Digital
More informationDigital Forensics. Tom Pigg Executive Director Tennessee CSEC
Digital Forensics Tom Pigg Executive Director Tennessee CSEC Definitions Digital forensics Involves obtaining and analyzing digital information as evidence in civil, criminal, or administrative cases Analyze
More informationFIPS 140 2 Non Proprietary Security Policy: Kingston Technology DataTraveler DT4000 Series USB Flash Drive
FIPS 140 2 Non Proprietary Security Policy Kingston Technology Company, Inc. DataTraveler DT4000 G2 Series USB Flash Drive Document Version 1.8 December 3, 2014 Document Version 1.8 Kingston Technology
More informationCryptography Lecture 8. Digital signatures, hash functions
Cryptography Lecture 8 Digital signatures, hash functions A Message Authentication Code is what you get from symmetric cryptography A MAC is used to prevent Eve from creating a new message and inserting
More informationDigital Forensics. Larry Daniel
Digital Forensics Larry Daniel Introduction A recent research report from The Yankee Group found that 67.6 percent of US households in 2002 contained at least one PC The investigators foresee three-quarters
More informationAuthentication requirement Authentication function MAC Hash function Security of
UNIT 3 AUTHENTICATION Authentication requirement Authentication function MAC Hash function Security of hash function and MAC SHA HMAC CMAC Digital signature and authentication protocols DSS Slides Courtesy
More informationPart I. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT
Part I Contents Part I Introduction to Information Security Definition of Crypto Cryptographic Objectives Security Threats and Attacks The process Security Security Services Cryptography Cryptography (code
More informationProject: Simulated Encrypted File System (SEFS)
Project: Simulated Encrypted File System (SEFS) Omar Chowdhury Fall 2015 CS526: Information Security 1 Motivation Traditionally files are stored in the disk in plaintext. If the disk gets stolen by a perpetrator,
More informationTheoretical Aspects of Storage Systems Autumn 2009
Theoretical Aspects of Storage Systems Autumn 2009 Chapter 3: Data Deduplication André Brinkmann News Outline Data Deduplication Compare-by-hash strategies Delta-encoding based strategies Measurements
More information1.2 Using the GPG Gen key Command
Creating Your Personal Key Pair GPG uses public key cryptography for encrypting and signing messages. Public key cryptography involves your public key which is distributed to the public and is used to
More informationDefining Digital Forensic Examination and Analysis Tools Using Abstraction Layers
Defining Digital Forensic Examination and Analysis Tools Using Abstraction Layers Brian Carrier Research Scientist @stake Abstract This paper uses the theory of abstraction layers to describe the purpose
More informationDo-It-Yourself Guide to Storage Forensics. Richard Austin, CISSP Knowledge Transfer
Do-It-Yourself Guide to Storage Forensics Richard Austin, CISSP Knowledge Transfer SNIA Legal Notice The material contained in this tutorial is copyrighted by the SNIA. Member companies and individuals
More informationDr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010
CS 494/594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010 1 Introduction to Cryptography What is cryptography?
More informationLive View. A New View On Forensic Imaging. Matthiew Morin Champlain College
Live View A New View On Forensic Imaging Matthiew Morin Champlain College Morin 1 Executive Summary The main purpose of this paper is to provide an analysis of the forensic imaging tool known as Live View.
More informationDesign and Analysis of Methods for Signing Electronic Documents Using Mobile Phones
Design and Analysis of Methods for Signing Electronic Documents Using Mobile Phones Pramote Kuacharoen School of Applied Statistics National Institute of Development Administration 118 Serithai Rd. Bangkapi,
More informationOverview. SSL Cryptography Overview CHAPTER 1
CHAPTER 1 Note The information in this chapter applies to both the ACE module and the ACE appliance unless otherwise noted. The features in this chapter apply to IPv4 and IPv6 unless otherwise noted. Secure
More informationSSL Protect your users, start with yourself
SSL Protect your users, start with yourself Kulsysmn 14 december 2006 Philip Brusten Overview Introduction Cryptographic algorithms Secure Socket Layer Certificate signing service
More informationHow To Store Data On A Computer (For A Computer)
TH3. Data storage http://www.bbc.co.uk/schools/gcsebitesize/ict/ A computer uses two types of storage. A main store consisting of ROM and RAM, and backing stores which can be internal, eg hard disk, or
More informationComputer Forensics using Open Source Tools
Computer Forensics using Open Source Tools COMP 5350/6350 Digital Forensics Professor: Dr. Anthony Skjellum TA: Ananya Ravipati Presenter: Rodrigo Sardinas Overview Use case explanation Useful Linux Commands
More informationWhat is Web Security? Motivation
brucker@inf.ethz.ch http://www.brucker.ch/ Information Security ETH Zürich Zürich, Switzerland Information Security Fundamentals March 23, 2004 The End Users View The Server Providers View What is Web
More informationCA DLP. Stored Data Integration Guide. Release 14.0. 3rd Edition
CA DLP Stored Data Integration Guide Release 14.0 3rd Edition This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation
More informationFixity Checks: Checksums, Message Digests and Digital Signatures Audrey Novak, ILTS Digital Preservation Committee November 2006
Fixity Checks: Checksums, Message Digests and Digital Signatures Audrey Novak, ILTS Digital Preservation Committee November 2006 Introduction: Fixity, in preservation terms, means that the digital object
More informationChapter 6 Electronic Mail Security
Cryptography and Network Security Chapter 6 Electronic Mail Security Lectured by Nguyễn Đức Thái Outline Pretty Good Privacy S/MIME 2 Electronic Mail Security In virtually all distributed environments,
More informationCryptography and Network Security Chapter 11
Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown (with edits by RHB) Chapter 11 Cryptographic Hash Functions Each of the messages, like each
More informationNetwork Security. HIT Shimrit Tzur-David
Network Security HIT Shimrit Tzur-David 1 Goals: 2 Network Security Understand principles of network security: cryptography and its many uses beyond confidentiality authentication message integrity key
More informationA Standards-based Approach to IP Protection for HDLs
A Standards-based Approach to IP Protection for HDLs John Shields Staff Engineer, Modelsim Overview Introduction A Brief Status First Look at The Flow Encryption Technology Concepts Key Management Second
More informationCS 393 Network Security. Nasir Memon Polytechnic University Module 11 Secure Email
CS 393 Network Security Nasir Memon Polytechnic University Module 11 Secure Email Course Logistics HW 5 due Thursday Graded exams returned and discussed. Read Chapter 5 of text 4/2/02 Module 11 - Secure
More informationMessage Authentication Codes
2 MAC Message Authentication Codes : and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 28 October 2013 css322y13s2l08, Steve/Courses/2013/s2/css322/lectures/mac.tex,
More informationSecure Network Communications FIPS 140 2 Non Proprietary Security Policy
Secure Network Communications FIPS 140 2 Non Proprietary Security Policy 21 June 2010 Table of Contents Introduction Module Specification Ports and Interfaces Approved Algorithms Test Environment Roles
More informationSkyRecon Cryptographic Module (SCM)
SkyRecon Cryptographic Module (SCM) FIPS 140-2 Documentation: Security Policy Abstract This document specifies the security policy for the SkyRecon Cryptographic Module (SCM) as described in FIPS PUB 140-2.
More informationDRAFT Standard Statement Encryption
DRAFT Standard Statement Encryption Title: Encryption Standard Document Number: SS-70-006 Effective Date: x/x/2010 Published by: Department of Information Systems 1. Purpose Sensitive information held
More informationAN INVESTIGATION INTO COMPUTER FORENSIC TOOLS
AN INVESTIGATION INTO COMPUTER FORENSIC TOOLS K.K. Arthur 1 H.S. Venter 2 Information and Computer Security Architectures (ICSA) Research Group University of Pretoria Pretoria Department of Computer Science
More informationPresentation on Black Hat Europe 2003 Conference. Security Analysis of Microsoft Encrypting File System (EFS) http://www.elcomsoft.
Presentation on Black Hat Europe 2003 Conference Security Analysis of Microsoft Encrypting File System (EFS) Microsoft Encrypting File System Encrypting File File System System (EFS) (EFS) is is a a new
More informationCapturing a Forensic Image. By Justin C. Klein Keane <jukeane@sas.upenn.edu> 12 February, 2013
Capturing a Forensic Image By Justin C. Klein Keane 12 February, 2013 Before you Begin The first step in capturing a forensic image is making an initial determination as to the
More informationCIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives
CIS 6930 Emerging Topics in Network Security Topic 2. Network Security Primitives 1 Outline Absolute basics Encryption/Decryption; Digital signatures; D-H key exchange; Hash functions; Application of hash
More informationRandomized Hashing for Digital Signatures
NIST Special Publication 800-106 Randomized Hashing for Digital Signatures Quynh Dang Computer Security Division Information Technology Laboratory C O M P U T E R S E C U R I T Y February 2009 U.S. Department
More informationAutomating Linux Malware Analysis Using Limon Sandbox Monnappa K A monnappa22@gmail.com
Automating Linux Malware Analysis Using Limon Sandbox Monnappa K A monnappa22@gmail.com A number of devices are running Linux due to its flexibility and open source nature. This has made Linux platform
More informationFortKnox Personal Firewall
FortKnox Personal Firewall User Manual Document version 1.4 EN ( 15. 9. 2009 ) Copyright (c) 2007-2009 NETGATE Technologies s.r.o. All rights reserved. This product uses compression library zlib Copyright
More informationNetwork Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1
Network Security Abusayeed Saifullah CS 5600 Computer Networks These slides are adapted from Kurose and Ross 8-1 Public Key Cryptography symmetric key crypto v requires sender, receiver know shared secret
More informationTIPS IN PREVENTING INFORMATION LEAKAGE
TIPS IN PREVENTING INFORMATION LEAKAGE 1 Presented by Christina Keing and Frankie Fu Information Security Section (ISS), ITSC 5 Sept 2008 AIMS 2 AGENDA Recent incidents What information to protect? How
More informationWhat is network security?
Network security Network Security Srinidhi Varadarajan Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice: application
More informationNetwork Security. Task 1 Security Measures
Task 1 Security Measures Connecting your computer to a network, particularly the Internet, can put your computer and your data at risk. It is important, therefore, that you take some steps to secure your
More informationMessage Authentication
Message Authentication message authentication is concerned with: protecting the integrity of a message validating identity of originator non-repudiation of origin (dispute resolution) will consider the
More informationOne-Way Encryption and Message Authentication
One-Way Encryption and Message Authentication Cryptographic Hash Functions Johannes Mittmann mittmann@in.tum.de Zentrum Mathematik Technische Universität München (TUM) 3 rd Joint Advanced Student School
More informationChapter 15: Security
Chapter 15: Security Chapter 15: Security The Security Problem Program Threats System and Network Threats Cryptography as a Security Tool User Authentication Implementing Security Defenses Firewalling
More informationCryptosystems. Bob wants to send a message M to Alice. Symmetric ciphers: Bob and Alice both share a secret key, K.
Cryptosystems Bob wants to send a message M to Alice. Symmetric ciphers: Bob and Alice both share a secret key, K. C= E(M, K), Bob sends C Alice receives C, M=D(C,K) Use the same key to decrypt. Public
More informationGuide to Computer Forensics and Investigations, Second Edition
Guide to Computer Forensics and Investigations, Second Edition Chapter 4 Current Computer Forensics Tools Objectives Understand how to identify needs for computer forensics tools Evaluate the requirements
More informationSymantec Corporation Symantec Enterprise Vault Cryptographic Module Software Version: 1.0.0.2
Symantec Corporation Symantec Enterprise Vault Cryptographic Module Software Version: 1.0.0.2 FIPS 140 2 Non Proprietary Security Policy FIPS Security Level: 1 Document Version: 1.1 Prepared for: Prepared
More informationwww.vmpcrypt.com User s manual Table of content
www.vmpcrypt.com User s manual Table of content 1. INTRODUCTION... 3 2. INSTALLATION OF VMPCRYPT... 3 3. GENERAL IDEA OF CRYPTOGRAPHY AND CRITICAL ROLE OF KEY... 3 4. ENCRYPTION OF FILES AND FOLDERS...
More informationAn Introduction to Cryptography as Applied to the Smart Grid
An Introduction to Cryptography as Applied to the Smart Grid Jacques Benoit, Cooper Power Systems Western Power Delivery Automation Conference Spokane, Washington March 2011 Agenda > Introduction > Symmetric
More informationLecture 9: Application of Cryptography
Lecture topics Cryptography basics Using SSL to secure communication links in J2EE programs Programmatic use of cryptography in Java Cryptography basics Encryption Transformation of data into a form that
More informationCS 2112 Spring 2014. 0 Instructions. Assignment 3 Data Structures and Web Filtering. 0.1 Grading. 0.2 Partners. 0.3 Restrictions
CS 2112 Spring 2014 Assignment 3 Data Structures and Web Filtering Due: March 4, 2014 11:59 PM Implementing spam blacklists and web filters requires matching candidate domain names and URLs very rapidly
More informationWhere is computer forensics used?
What is computer forensics? The preservation, recovery, analysis and reporting of digital artifacts including information stored on computers, storage media (such as a hard disk or CD-ROM), an electronic
More informationWeb Security (SSL) Tecniche di Sicurezza dei Sistemi 1
Web Security (SSL) Tecniche di Sicurezza dei Sistemi 1 How the Web Works - HTTP Hypertext transfer protocol (http). Clients request documents (or scripts) through URL. Server response with documents. Documents
More informationFreeware Live Forensics tools evaluation and operation tips
Freeware Live Forensics tools evaluation and operation tips Ricci IEONG, Principal Consultant, ewalker Consulting Ltd Abstract Highlighted by a digital forensics investigation specialists from FBI in DFRWS
More informationIntroduction to Network Security Comptia Security+ Exam. Computer Forensics. Evidence. Domain 5 Computer Forensics
Introduction to Network Security Comptia Security+ Exam Domain 5 Computer Forensics Computer Forensics Forensics relates to the application of scientific knowledge and method to legal problems Investigating
More informationFirmware security features in HP Compaq business notebooks
HP ProtectTools Firmware security features in HP Compaq business notebooks Embedded security overview... 2 Basics of protection... 2 Protecting against unauthorized access user authentication... 3 Pre-boot
More informationChecksums, your best friends, for security
Published in Linux for You, August 2008 issue. - - - - - - - - - - - - - - - - Checksums, your best friends, for security S. Parthasarathy drpartha@gmail.com Imagine that you write an electronic cheque
More informationNetwork Security. Security Attacks. Normal flow: Interruption: 孫 宏 民 hmsun@cs.nthu.edu.tw Phone: 03-5742968 國 立 清 華 大 學 資 訊 工 程 系 資 訊 安 全 實 驗 室
Network Security 孫 宏 民 hmsun@cs.nthu.edu.tw Phone: 03-5742968 國 立 清 華 大 學 資 訊 工 程 系 資 訊 安 全 實 驗 室 Security Attacks Normal flow: sender receiver Interruption: Information source Information destination
More informationDigital forensic analysis aims to reconstruct
Hashing and Data Fingerprinting in Digital Forensics Hashing is a primary, yet underappreciated, tool in digital forensic investigations. Recent R&D has demonstrated that, with clever design, we can construct
More informationScene of the Cybercrime Second Edition. Michael Cross
Scene of the Cybercrime Second Edition Michael Cross Chapter 1 Facing the Cybercrime Problem Head-On 1 Introduction 2 Defining Cybercrime 2 Understanding the Importance of Jurisdictional Issues 3 Quantifying
More informationMDaemon Vs. Microsoft Exchange Server 2013 Standard
Comparison Guide Vs. The following chart is a side-by-side feature comparison of and. Flex Licensing Maximum Accounts Unlimited Unlimited SMTP, POP3, DomainPOP, and MultiPOP POP3 & SMTP Only SSL / TLS
More informationCompter Networks Chapter 9: Network Security
Goals of this chapter Compter Networks Chapter 9: Network Security Give a brief glimpse of security in communication networks Basic goals and mechanisms Holger Karl Slide set: Günter Schäfer, TU Ilmenau
More informationCryptography and Network Security Chapter 12
Cryptography and Network Security Chapter 12 Fifth Edition by William Stallings Lecture slides by Lawrie Brown (with edits by RHB) Chapter 12 Message Authentication Codes At cats' green on the Sunday he
More information