IT 841
Unit I
Cyber Security:
What You Need to Know?
2
99-1 Principle (Roughly)
99% of the attacks are thwarted by basic hygiene and some luck
DO
Think before you click etcetera
Up-to-date anti-virus, firewall and site advisor
BUT
Some new attacks may get through. However, the attacker may only use your machine
to attack others and not attack you per se.
Will not prevent data loss by merchants and other servers. However, there is still
safety in numbers: attackers can steal a lot of account numbers but can exploit
far fewer.
Typically done via secret questions and e-mail to the preferred e-mail account
Mother's maiden name?
Father's middle name?
Favorite pet's name?
etcetera
As detailed in the postings, the Palin hack didn't require any real skill. Instead, the
hacker simply reset Palin's password using her birthdate, ZIP code and information
about where she met her spouse (the security question on her Yahoo account),
which was answered "Wasilla High" by a simple Google search.
Password reset on the preferred email account is itself done via secret questions
Conundrum
Real answers easy to remember but discoverable via Google
False answers hard to remember but safe from Google
4
Crystal Ball: In the Year 2025
PRIVACY
Expectation (and delivery) of privacy is close to zero
E-COMMERCE SECURITY
Close to perfect
5
Crystal Ball: In the Year 2025
PAST, PRESENT
Cyber security is a young and immature field
The attackers are more innovative than defenders
Defenders are mired in FUD (fear, uncertainty and doubt) and fairy
tales
Attack back is illegal or classified
FUTURE
Cyber security will become a scientific discipline
Cyber security will be application and technology centric
Cyber security will never be solved but will be managed
Attack back will be an integral part of cyber security
6
Cyber Security: Major Trends
Security Objectives:
Black-and-white to shades of grey
Attackers:
Innovative beyond belief
Defenders:
Need new doctrine
7
Cyber Security Objectives
INTEGRITY (authenticity)
AVAILABILITY (access)
CONFIDENTIALITY (disclosure)
9
World-Leading Research with Real-World Impact!
Cyber Security Objectives
USAGE (purpose)
INTEGRITY (authenticity)
AVAILABILITY (access)
CONFIDENTIALITY (disclosure)
10
Cyber Security
Objectives
USAGE (purpose)
CONFIDENTIALITY (disclosure)
11
Cyber Security: Major Trends
Security Objectives:
Black-and-white to shades of grey
Attackers:
Innovative beyond belief
Defenders:
Need new doctrine
12
Attackers: Innovative Beyond Belief
Major Innovations
Botnets
Robust underground economy and supply chain
Targeted attacks
Stealthy attacks
Some Examples
Drive by downloads
Scareware
Doctored online statements
Long-lived stealth attacks
Status
Attackers have a sizable inventory of known but unused or rarely used
tricks
13
Attackers:
Innovative beyond belief
Defenders:
Need new doctrine
14
Defenders: Need New Doctrine
Research Laboratories
FlexCloud: cloud platform
FlexFarm: malware honeyfarm
Community exercises: the real real-world
Core Differentiators
the flagship for cyber security research at UTSA
unique amongst the myriad academic cyber security centers in the country
due to their demonstrable emphasis on real-world impact
16
Digital signature overview
Informal definition
Informally, a digital signature is a technique for establishing the origin
of a particular message in order to settle later disputes about what
message (if any) was sent.
The purpose of a digital signature is thus for an entity to bind its identity
to a message.
We use the term signer for an entity who creates a digital signature,
and the term verifier for an entity who receives a signed message and
attempts to check whether the digital signature is correct or not.
Digital signatures have many attractive properties and it is very
important to understand exactly what assurances they provide and what
their limitations are.
While data confidentiality has been the driver behind historical
cryptography, digital signatures could be the major application of
cryptography in the years to come.
18
Electronic signatures
The European Community Directive on electronic signatures
refers to the concept of an electronic signature as:
19
Advanced electronic signatures
The European Community Directive on electronic signatures
also refers to the concept of an advanced electronic
signature as:
20
Security requirements
We will define a digital signature on a message to be some data that provides:
21
Input to a digital signature
The message
Since a digital signature needs to offer data origin authentication (and
non-repudiation) it is clear that the digital signature itself must be a piece
of data that depends on the message, and cannot be a completely
separate identifier.
It may be sent as a separate piece of data to the message, but its
computation must involve the message.
A secret parameter known only by the signer
Since a digital signature needs to offer non-repudiation, its calculation
must involve a secret parameter that is known only by the signer.
The only possible exception to this rule is if the other entity is totally
trusted by all parties involved in the signing and verifying of digital
signatures.
22
Properties of a digital signature
Easy for the signer to sign a message
There is no point in having a digital signature scheme that involves
the signer needing to use slow and complex operations to compute
a digital signature.
Easy for anyone to verify a message
Similarly we would like the verification of a digital signature to be as
efficient as possible.
Hard for anyone to forge a digital signature
It should be practically impossible for anyone who is not the
legitimate signer to compute a digital signature on a message that
appears to be valid. By "appears to be valid" we mean that anyone
who attempts to verify the digital signature is led to believe that
they have just successfully verified a valid digital signature on a
message.
23
Arbitrated digital signatures
[Figure: arbitrated digital signature. The Signer (holding KS) sends to the Arbitrator in step 1; the Arbitrator (holding KS and KV) performs steps 2 and 3; the Arbitrator sends to the Verifier (holding KV) in step 4.]
24
Arbitrated digital signatures
1. Explain why arbitrated digital signatures a) meet the security requirements and b) have the properties that we required for a digital signature.
2. How does the verifier check the first MAC, computed using KS?
3. What is the main (practical) problem with implementing arbitrated signatures?
25
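The arbitrated scheme in the figure above, as an added worked example that is not part of the original slides: the signer and arbitrator share KS, the arbitrator and verifier share KV, and the verifier never holds KS. The party names, key values, message layout and the use of HMAC-SHA256 as the MAC are all assumptions made for the demonstration; the slide does not specify a MAC algorithm.

```python
"""Added example (not from the slides): an arbitrated digital signature built
from two MACs. Party names, keys and message layout are constructed for
illustration; HMAC-SHA256 stands in for the unspecified MAC.
"""
import hashlib
import hmac
from typing import Dict, Tuple

KS = b"constructed-key-shared-by-signer-and-arbitrator"
KV = b"constructed-key-shared-by-arbitrator-and-verifier"


def mac(key: bytes, *fields: bytes) -> bytes:
    """MAC over length-delimited fields, so that (a, bc) and (ab, c) differ."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for f in fields:
        h.update(len(f).to_bytes(4, "big") + f)
    return h.digest()


class Signer:
    def __init__(self, name: bytes, ks: bytes):
        self.name, self.ks = name, ks

    def sign(self, message: bytes) -> Tuple[bytes, bytes, bytes]:
        # Step 1: signer -> arbitrator. The KS tag binds the signer's identity to the message.
        return self.name, message, mac(self.ks, self.name, message)


class Arbitrator:
    def __init__(self, signer_keys: Dict[bytes, bytes], kv: bytes):
        self.signer_keys, self.kv = signer_keys, kv

    def forward(self, name: bytes, message: bytes, tag: bytes):
        # Step 2: the arbitrator checks the signer's tag; it holds KS, the verifier does not.
        ks = self.signer_keys.get(name)
        if ks is None or not hmac.compare_digest(tag, mac(ks, name, message)):
            raise ValueError("arbitrator rejects: signer's MAC does not verify")
        # Step 3: arbitrator -> verifier, with a KV tag over everything it checked.
        return name, message, tag, mac(self.kv, name, message, tag)


class Verifier:
    def __init__(self, kv: bytes):
        self.kv = kv

    def verify(self, name: bytes, message: bytes, tag: bytes, arbiter_tag: bytes) -> bool:
        # Step 4: the verifier can only check the KV tag; for the KS check it relies on the arbitrator.
        return hmac.compare_digest(arbiter_tag, mac(self.kv, name, message, tag))


def run(message: bytes, signer_key: bytes = KS, tamper_in_transit: bool = False) -> str:
    """Drive one signing round and report where, if anywhere, it is rejected."""
    alice = Signer(b"alice", signer_key)
    arbitrator = Arbitrator({b"alice": KS}, KV)
    bob = Verifier(KV)
    try:
        name, msg, tag, atag = arbitrator.forward(*alice.sign(message))
    except ValueError:
        return "rejected by arbitrator"
    if tamper_in_transit:  # constructed attacker edits the message between arbitrator and verifier
        msg = msg + b" (edited)"
    return "accepted" if bob.verify(name, msg, tag, atag) else "rejected by verifier"


if __name__ == "__main__":
    print(run(b"Pay Bob 10"))                            # accepted
    print(run(b"Pay Bob 10", signer_key=b"wrong-key"))   # rejected by arbitrator
    print(run(b"Pay Bob 10", tamper_in_transit=True))    # rejected by verifier
```

The length-prefixed field encoding in `mac` is a design choice rather than anything the slide prescribes: concatenating fields without delimiters would let two different (name, message) pairs produce the same MAC input.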
True digital signatures
The vast majority of digital signature techniques do not involve having to
communicate through a trusted arbitrator.
A true digital signature is one that can be sent directly from the signer
to the verifier. For the rest of this unit when we say digital signature we
mean true digital signature.
26
A naive approach
1. Given the apparent symmetry of the requirements for public key encryption and digital signatures, propose a naive approach to designing a digital signature scheme.
2. State two reasons why the above approach is naive.
27
2. Hash functions
Hash functions
A hash function is a mathematical function that generally has the
following three properties:
29
Hash functions
2. Is one-way
The hash function should be easy to compute, but given the hash of
some data it should be very hard to recover the original data from
the hash.
3. It is hard to find two inputs with the same output
It should be hard to find two different inputs (of any length) that
when fed into the hash function result in the same hash (collision
free).
Note that it is impossible for a hash function not to have collisions. If
arbitrarily large inputs are all being reduced to a fixed length hash
then there will be lots of collisions. (For example - it is impossible to
give each of 60 million people a different 4 digit PIN.) The point is
that these collisions should be hard to find.
30
Hash functions?
31
Practical hash functions?
There are several hash functions in common use that are believed
to be secure enough for general use.
Can you name them?
32
Hash functions and data integrity
A hash function provides a weak notion of data integrity.
If we had a list of MD5 hashes covering all of the operating system files on our
home computer, we could check the current hashes of those files against the list
and see which files have been changed or updated by, say, a virus.
BUT
If a virus replaced a system file, it could also replace the MD5 value in your
list with a new one, and you would not be aware this had happened.
33
Hash function applications
Digital signatures with appendix: hash-functions are used to bind data together
and make the signature process more efficient.
34
Is a MAC a hash function?
Have a fixed length output
Rely on a symmetric key
Provide data origin authentication (and data
integrity)
Typically constructed from block ciphers or hash
functions
35
HMAC
MAC = h( K || h( K || message ) )
36
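The two slides above (the MD5 file list that a virus can rewrite, and the keyed MAC) as one added worked example, not code from the original slides: an unkeyed hash list is defeated by an attacker who can modify both the files and the list, while a MAC under a key the attacker does not hold is not. The "system files", the "virus" and the key are constructed for the demonstration, and `nested_mac` implements the formula exactly as written on the HMAC slide; standardised HMAC (RFC 2104, used by Python's `hmac` module) additionally XORs the key with two fixed pad constants before the inner and outer hash, so the two give different values.

```python
"""Added example (not from the slides): an unkeyed hash list gives only weak
integrity, because whoever can change the files can rewrite the list too;
a keyed MAC over the same data cannot be recomputed without the key.
The files, the virus and the key are constructed for this demonstration.
"""
import hashlib
import hmac
from typing import Dict, List, Optional

# Constructed stand-in for the operating-system files on a home computer.
SYSTEM_FILES: Dict[str, bytes] = {
    "/bin/login": b"#!/bin/sh\nexec /sbin/real-login \"$@\"\n",
    "/etc/hosts": b"127.0.0.1 localhost\n",
    "/usr/lib/libc.so": b"\x7fELF constructed placeholder bytes",
}


def nested_mac(key: bytes, message: bytes) -> str:
    """The construction written on the HMAC slide: h(K || h(K || message)).
    RFC 2104 HMAC (hmac.new below) pads the key with ipad/opad first, so the
    two constructions are not interchangeable."""
    inner = hashlib.sha256(key + message).digest()
    return hashlib.sha256(key + inner).hexdigest()


def digest(data: bytes, key: Optional[bytes] = None) -> str:
    """Plain SHA-256 when no key is given, HMAC-SHA256 otherwise."""
    if key is None:
        return hashlib.sha256(data).hexdigest()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def build_list(files: Dict[str, bytes], key: Optional[bytes] = None) -> Dict[str, str]:
    """The 'list of hashes' from the slide: one entry per file path."""
    return {path: digest(data, key) for path, data in files.items()}


def check_list(files: Dict[str, bytes], hash_list: Dict[str, str],
               key: Optional[bytes] = None) -> List[str]:
    """Return the paths whose current contents no longer match the list."""
    changed = []
    for path, data in files.items():
        expected = hash_list.get(path, "")
        # compare_digest avoids leaking where the two strings first differ.
        if not hmac.compare_digest(expected, digest(data, key)):
            changed.append(path)
    return changed


def infect(files: Dict[str, bytes], hash_list: Dict[str, str]) -> None:
    """Constructed 'virus': replaces a system file and, exactly as the slide
    warns, rewrites that file's entry in the list. It does not know the MAC
    key, so the best it can do is store a plain SHA-256 of the new file."""
    files["/bin/login"] = b"#!/bin/sh\n# backdoored\nexec /sbin/real-login \"$@\"\n"
    hash_list["/bin/login"] = hashlib.sha256(files["/bin/login"]).hexdigest()


def scenario(key: Optional[bytes] = None) -> List[str]:
    """Build the list, let the virus run, and report what the check detects."""
    files = dict(SYSTEM_FILES)
    hash_list = build_list(files, key)
    assert check_list(files, hash_list, key) == []  # clean baseline passes
    infect(files, hash_list)
    return check_list(files, hash_list, key)


if __name__ == "__main__":
    print("unkeyed SHA-256 list flags:", scenario())            # []  (tampering unnoticed)
    print("HMAC-SHA256 list flags:   ", scenario(b"demo-key"))  # ['/bin/login']
```

The keyed list only helps if the key is not stored where the virus can read it; a signature over the list with a private key kept off the machine is the usual way to get the same protection without a shared secret on the host.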
3. Digital signature algorithms
Some caveats
We will focus this section on describing digital signatures based on RSA. Please
note:
38
Motivating different types of signature
39
Creating an RSA signature with appendix
[Figure: creating an RSA signature with appendix. (1) The message is passed through the hash function to give a hash; (2) the signature algorithm, using the signature key, is applied to the hash to give the signature; (3) the message and the signature are sent together.]
40
Hashing before signing
41
Verifying an RSA signature with appendix
[Figure: verifying an RSA signature with appendix. (1) The received message is passed through the hash function; (2) the verification algorithm, using the verification key, is applied to the received signature; (3) the two results are compared (=?) to reach a decision.]
42
RSA is special
You cannot obtain a digital signature scheme by swapping the
roles of the private and public keys of any public key cipher
system
Optional Task!
Express the operations involved in RSA signatures
mathematically to check that the process of verifying an RSA
signature with appendix does indeed work.
Now identify the special property of RSA that allows it to be used
as both an encryption and a signature algorithm.
43
Key separation
In real applications you should avoid using the
same RSA key pair for both encryption and for
digital signatures.
[Figure: message passes through "add padding / redundancy" (step 1) before signing; on the other side the signature passes through "remove padding / redundancy" (step 4) to give back the message. The intermediate steps are not legible on the slide.]
45
Digital Signature Algorithm
Although there have been many different proposals for digital signature schemes,
only two systems have thus far proved to be fairly popular.
RSA digital signatures are one, and the other is a digital signature scheme based
on ElGamal that was proposed as the Digital Signature Algorithm (DSA) and
standardised by the U.S. Government as the Digital Signature Standard.
The DSA is a digital signature with appendix, but it cannot be used as a public key
encryption system in the same way that RSA can be; it is a dedicated digital
signature scheme.
46
4. Security issues
Basis of signature security
1. On what basis does a digital signature offer data origin authentication?
2. On what basis does a digital signature offer non-repudiation?
3. How do the security properties of a MAC and a digital signature differ?
48
Hand-written v digital signatures
Properties compared for hand-written signatures and digital signatures (the cells of the table are blank on the slide):
Uniqueness
Accuracy of creation
Consistency over messages
Storage
Physical aspects
Difficulty of forgery
Acceptability
Legal support
49
Two generic attacks
Obtain someone else's private signature key
In a digital signature scheme you are your private key.
This is one aspect of the problem of identity theft.
50
Two generic attacks
1. How would you go about stealing someone else's private signature key?
2. How would you prevent someone persuading others that your public verification key is actually theirs?
51
Security of hash functions
52
Security of hash functions
Suppose that we sign the message "Keith owes Fred 10" by hashing it
using a hash function that has a hash of just 2 bits:
there are only four possible hashes: 00, 01, 10 or 11.
Fred receives this signed message, and being a manipulative type he
decides to change the message to "Keith owes Fred 100". Of course
Fred does not have Keith's signature key, so he cannot digitally sign
this message. But he doesn't have to: only the hash is signed!
53
Security of hash functions
Suppose the hash is 10 bits long; in other words, there are about 1000 possible hashes.
Since there are only 1000 different possible values of the hash, there is a
very good chance that there will be at least one match.
54
Security of hash functions
1. What attack can Fred now launch against a payment clerk?
2. What lesson have we learnt?
3. How can this attack be easily avoided in practice?
55
Secure hash functions
In practice a common practical length for a hash is about 160 bits.
This makes finding collisions of the type just described extremely
unlikely, and also represents a significant compacting of the original
message length.
Much shorter hashes than 160 bits are insecure, as we have seen.
Much longer hashes than 160 bits might be secure, but are not as
efficient.
Finding good hash functions has proven to be a significant challenge to
cryptographers.
56
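Fred's search from the "Security of hash functions" slides, and the 160-bit comparison from the slide above, as an added worked example that is not part of the original slides. SHA-256 truncated to a chosen number of bits stands in for the slide's 2-bit and 10-bit hash functions, and the cosmetic variants of "Keith owes Fred 100" (trailing spaces and tabs) are constructed; matching one fixed hash value costs about 2**bits attempts on average, which is what makes 10 bits trivial and 160 bits out of reach.

```python
"""Added example (not from the slides): how cheaply a second message with the
same short hash can be found, and why the search stops being feasible once
the hash is long. Messages and the variant generator are constructed.
"""
import hashlib
from typing import Optional, Tuple


def short_hash(message: bytes, bits: int) -> int:
    """Top `bits` bits of SHA-256: a hash function with only 2**bits possible values."""
    full = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return full >> (256 - bits)


def variant(base: bytes, i: int) -> bytes:
    """The i-th cosmetically different spelling of `base`: the bits of i choose a
    space or a tab for each of 24 trailing whitespace positions, so every i gives
    a distinct byte string that still reads the same to a human."""
    return base + bytes(0x20 if (i >> k) & 1 == 0 else 0x09 for k in range(24))


def find_matching_message(signed: bytes, wanted: bytes, bits: int,
                          max_tries: int) -> Optional[Tuple[bytes, int]]:
    """Search variants of `wanted` for one whose `bits`-bit hash equals that of
    `signed`. Returns (matching_message, tries) or None if the budget runs out."""
    target = short_hash(signed, bits)
    for i in range(max_tries):
        candidate = variant(wanted, i)
        if short_hash(candidate, bits) == target:
            return candidate, i + 1
    return None


def expected_tries(bits: int) -> int:
    """Average work to hit one fixed hash value of the given length."""
    return 2 ** bits


if __name__ == "__main__":
    signed = b"Keith owes Fred 10"
    wanted = b"Keith owes Fred 100"
    for bits in (2, 10):
        print(bits, "bits ->", find_matching_message(signed, wanted, bits, max_tries=1 << 16))
    # At 160 bits the expected cost is 2**160 tries; a budget of 100,000 finds nothing.
    print("160 bits ->", find_matching_message(signed, wanted, 160, max_tries=100_000))
```

The search here targets one given hash value (a second preimage). Finding any two messages that collide with each other is cheaper still, roughly 2**(bits/2) tries by the birthday bound, which is why hash lengths are chosen with that attack in mind.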
Summary
57
The Basics of Intellectual Property
Law
If you don't see a problem with this
question, you need this class!
Intellectual Property *
Definition of Intellectual Property Rights:
The group of legal rights associated with patents,
trademarks, copyrights, and trade secrets.
Types of Intellectual Property
Patents
Trademarks
Copyrights
Unfair Competition
Trade Secrets
How to Acquire Rights
Patents
by Application, Examination and Grant
Trademarks & Service Marks
by Use in Interstate Commerce, then
registration
Copyright
by writing something --
perfected by declaration and registration
Types of IP a General Practice Attorney
is Likely to Encounter
Variants of Trade Secrets
Limited rights in technical data
Restricted rights in computer software
Government purpose rights
special license rights
Types of Patents
Utility
Plant
Design
Utility Patent
Trade names
Once a trade name was used to denote any mark descriptive of a
good or service.
Today, it is a company business name.
Acquiring Trademark Rights
Types of trademark
TM - a Trade Mark - used before registration
SM - a Service Mark - used before registration
Used in Interstate Commerce
Rights by Registration
Unfair Competition
Misuse of Trade Dress
Passing Off
Can the United States Government
Own a Trade/Service Mark?
YES!!!!
TOMAHAWK
Marine Corp Marathon
NAVYJOBS.COM (SM)
Let The Journey Begin (SM)
Can the United States be sued for
Trade/Service Mark Infringement?
YES!!!!!
In 1999, Congress removed Federal Government
sovereign immunity for trademark infringement
including going so far as to allow the US to be sued
in State court.
Other forms of IP
Copyright
Copyrights
Copyright law protects the expression of an idea.
Not the idea itself.
Copyright protects
"original works of authorship fixed in a tangible
medium of expression, now known or later developed,
from which they can be perceived, reproduced, or
otherwise communicated, either directly or with the aid
of a machine or device." (17 U.S.C. 102)
Original
The term original in the copyright law means that
the work originated with the author.
Technology Transfer (T²)
Technology Innovation Legislation
Stevenson-Wydler Technology Innovation Act of
1980
Bayh-Dole Act of 1980
Small Business Innovation Development Act of
1982
Cooperative Research Act of 1984
Federal Technology Act of 1986
Technology Innovation (Cont.)
Malcolm Baldrige National Quality
Improvement Act of 1987
Executive Orders 12591 and 12618 of 1987
Facilitating Access to Science and Technology
Other Acts Expanding What Can Be Done:
Defense Authorization Acts
National Competitiveness Technology Transfer Act
Department of Commerce Funding Acts
It is the continuing responsibility of the
Federal Government to ensure the full
use of the results of the Nation's Federal
investment in research and development.
To this end the Federal Government shall
strive where appropriate to transfer
federally owned or originated technology
to State and Local Governments and to
Job Description for Researchers!
Each laboratory director shall
ensure that efforts to transfer
technology are considered
positively in laboratory job
descriptions, employee promotion
policies, and evaluation of the job
performance of scientists and
engineers in the laboratory.
CRADA = Cooperative Research and Development Agreement
[Diagram: the FEDERAL LABORATORY contributes Personnel, Services, Property and a Patent License Agreement; the NON-FEDERAL PARTY contributes Personnel, Services, Property and $$$Money$$$]
The Advantages of a CRADA
15 USC 3710c
(iii) The agency or laboratory shall retain the royalties and other payments received from an
invention until the agency or laboratory makes payments to employees of a laboratory under
clause (i) or (ii).
(B) The balance of the royalties or other payments shall be transferred by the agency to its
laboratories, with the majority share of the royalties or other payments from any invention going
to the laboratory where the invention occurred. The royalties or other payments so transferred
to any laboratory may be used or obligated by that laboratory during the fiscal year in which
they are received or during the succeeding fiscal year
(i) to reward scientific, engineering, and technical employees of the laboratory, including
developers of sensitive or classified technology, regardless of whether the technology has
commercial applications;
(ii) to further scientific exchange among the laboratories of the agency;
(iii) for education and training of employees consistent with the research and development
missions and objectives of the agency or laboratory, and for other activities that increase
the potential for transfer of the technology of the laboratories of the agency;
(iv) for payment of expenses incidental to the administration and licensing of intellectual
property by the agency or laboratory with respect to inventions made at that laboratory,
including the fees or other costs for the services of other agencies, persons, or
organizations for intellectual property management and licensing services; or
(v) for scientific research and development consistent with the research and development
missions and objectives of the laboratory.
Government Research Money is becoming increasingly scarce.
The Old Way won't work anymore!
Old way: formulate a hypothesis, accumulate data, do extensive testing!
Instead: formulate a hypothesis, patent it, raise $17 million!
The World Intellectual Property Organization
and Its Program for SMEs
Brief History of WIPO
October 2010)
Basic Facts about WIPO
WIPO's Mission:
To promote the protection of IP rights
worldwide and extend the benefits
of the international IP system to all
member States
Governing Bodies
The WIPO General Assembly: members of WIPO and of Paris and/or Berne (important function: election of the DG)
The WIPO Conference: members of WIPO
The WIPO Coordination Committee: members of Paris and Berne (propose the DG and agree on D and higher
appointments)
In addition, The Assemblies of the member states of each of the Unions, (e.g. the PCT Union Assembly; the Madrid Union Assembly etc.) were
established by the respective WIPO-administered treaties.
Standing Committees established for a given purpose
Standing Committee on the Law of Patents (SCP).
Standing Committee on the Law of Trademarks, Industrial Designs and Geographical Indications (SCT).
Standing Committee on Copyright and Related Rights (SCCR).
Standing Committee on Information Technologies (SCIT).
When a SC determines that sufficient progress has been made in order to move towards treaty adoption, the GA can decide to convene a Diplomatic
Conference.
Permanent Committees
Committees of Experts to revise and update the classification systems.
Program and Budget Committee
Committee on Development and Intellectual Property (CDIP)
Intergovernmental Committee on Intellectual Property and Genetic Resources, Traditional Knowledge and Folklore (IGC).
Advisory Committee on Enforcement (ACE).
Promotion of IP through:
Norm setting - Preparing for new treaties and developing and
administering treaties that are in force
Registration activities
IP for development
Other Services
Registration activities
Alternative dispute resolution mechanisms
Arbitration and mediation
Treaties - 24
IP Protection- internationally agreed basic
standards of protection (Paris, Berne)
Registration- one application to have effect in many
(PCT, Madrid, Hague)
Classification-organize information concerning
inventions, trademarks and industrial designs into
indexed, manageable structures for easy retrieval
(Locarno, Nice)
Development Agenda for WIPO
Adopted: September 2007 to emphasize use of IP for
development
Internships at WIPO
Services
Registration Treaties
PCT
Madrid
Hague
Alternative dispute resolution
Arbitration and mediation Center
WIPO Provider of Premier Global IP
Services
Core income generating business areas:
Patent Cooperation Treaty (Patents)
Madrid System (Trademarks)
Hague System (Industrial Designs)
Lisbon System (Geographical Indications)
WIPO Arbitration and Mediation Center
Aim: to be the first choice for users by continuing to offer
cost-effective value-added services
PCT Statistics
[Chart: PCT applications per year, 1978 to 2008; vertical axis 0 to 180,000]
[Chart: "a changing geography of innovation": PCT applications by country of origin (vertical axis 0 to 45,000) for US, JP, DE, KR, CN, FR, GB, NL, CH, SE, IT, CA, FI, AU, IL, with annotated changes of +3.6%, -11.2%, +2.1% and +29.7%]
International Trademark Registration: The Madrid System
Trademarks by right-holder: number of right-holders (169,939 in total) and share
1-2 marks: 135,273 (79.60%)
3-10 marks: 28,553 (16.80%)
11-100 marks: 5,788 (3.41%)
101-500 marks: 295 (0.17%)
> 500 marks: 30 (0.02%)
Registrations in force (515,562 in total): 3-10 marks 25.60%, 11-100 marks 26.75% (the other shares are not legible on the chart)
85 Contracting Parties
WIPO Arbitration & Mediation Center
Alternative dispute resolution (ADR)
(http://arbiter.wipo.int)
Tamara Nanayakkara
Counsellor
[Diagram: the SME programme supports SMEs, creators and users of IP, and support institutions, towards wealth creation, through a website, a newsletter, guides, IP Panorama and studies]
90% of the enterprises of any economy. The backbone of economic
development and growth
Few SMEs (high tech and start up) are technology developers (patents,
copyright)
Some are technology users (patent info)
Most are technology followers (TM, GI, Design etc)
IP system is relevant to all for their competitiveness. Exclusivity (IP
rights) and beyond (licensing, financing, partners, branding, franchising)
Obstacles
However, the IP system is an under-utilized tool
Limited awareness of the IP system and its relevance as
a strategic tool
High costs (filing, translation, drafting, maintain)
Complexity of IP system
Delays in obtaining IP rights
Lack of expertise to make use of the IP system
Success rate in getting IP rights (patents) low
Inability to monitor and enforce
Support Institutions
SME focal points in national governments;
Ministries, departments and other government-owned/funded agencies responsible for institutions or projects
such as science and technology parks, incubators, as well as ministries responsible for particular sectors such as
biotechnology, ICT, agriculture, higher education;
Chambers of commerce, and associations of industry and trade;
Intellectual property offices;
Banking and financing institutions;
Science and technology universities, Government funded R&D centres
Innovation, testing and demonstration centres,
Technology transfer, licensing, commercialization and management institutions;
Science and technology parks, incubators; ;
Small business consulting firms,
Universities or other institutions providing training in business, innovation management, technology management,
entrepreneurship, new product development etc
Associations of inventors, patent and/or trademark agents; Law firms;
IP management and consultancy firms etc
What Can Support Institutions do to Assist
Mozambique
IP PANORAMA 12 Modules
Basic Modules Advanced Modules
1. Importance of IP for SMEs 6. Patent Information
2. Trademarks and Industrial 7. Technology Licensing in a
Designs Strategic Partnership
3. Invention and Patent 8. IP in the Digital Economy
4. Trade Secrets 9. IP and International Trade
5. Copyright and Related Rights 10. IP Audit
11. Valuation of IP Assets
12. Trademark Licensing
In Development
COMPANY LAW
BY: KC GARG, VIJAY GUPTA, POONAM GUPTA AND R.C. CHAWLA
www.google.com
www.altavista.com
CONTENTS
INTRODUCTION
NEED FOR CYBER LAWS
CYBER LAWS IN INDIA
CYBER CRIMES
OFFENCES AND LAWS IN CYBER SPACE
CYBER LAWS AMENDMENTS
CONCLUSION
INTRODUCTION
GROWTH OF CYBER
SPACE
ONSET OF INTERNET
TACKLING CYBER
CRIMES
INTELLECTUAL
PROPERTY RIGHTS AND
COPYRIGHTS
PROTECTION ACT
CYBER LAWS IN INDIA
IT ACT PASSED IN 2000
INTERNET IN INDIA
IMPLEMENTATION OF
CYBER LAW
REASONS FOR DELAY IN
IMPLEMENTATION OF
CYBER LAWS IN INDIA
IT ACT PROVISIONS
E-mail would now be a valid and legal form of
communication in our country that can be duly
produced and approved in a court of law.
Confidentiality
Integrity
Availability
Confidentiality concerns
Eavesdropping
Wire Tapping
Active/Passive
E-mail snooping
Shoulder Surfing
Integrity Attacks
Data Diddling
Buffer Overflow
Used to insert malicious code
Channel violation
Spoofing
Availability Threats
Denial of Service (DoS, DDoS)
Ping of Death
SYN Flooding
Remote Shut Down
Tools and Techniques
Key Loggers
Password Crackers
Mobile Code
Trap Doors
Sniffers
Smurf (Ping tools)
Tools and Techniques
Viruses
Exe, Script, Datafile, Macro
Worms
Trojan Horse
Logic Bombs
Remote Access Trojans
Attacks on Cryptosystems
Data Confidentiality
User Authentication
Data Origin Authentication
Data Integrity
Non Repudiation.
Legal Recognition of Digital Signature
All information in electronic form which requires
affixing of signature for legal recognition now
satisfies if authenticated by affixing digital
signature.
Applicability includes:
Forms, licences, permits, receipt/payment of
money.
DIGITAL
SIGNATURES.
How Digital Signature Works
XYZ wants to send a message relating to new Tender
to DOD.
XYZ computes message digest of the plain text using
a Hash Algorithm.
XYZ encrypts the message digest with his private key
yielding a digital signature for the message.
XYZ transmits the message and the digital signature
to DOD.
Digital Signatures (Cont)
When DOD receives the message, DOD computes the
message digest of the message relating to plain text,
using same hash functions.
DOD decrypts the digital signature with XYZ's public
key.
If the two values match, DOD is assured that:
a. The originator of the message is XYZ and no
other person.
b. Message contents have not been tampered
with.
Digital Signatures- How & Why
Integrity, Authentication and Non Repudiation
1. Achieved by use of Digital Signatures
2. If a message can be decrypted by using a particular
sender's public key, it can be safely presumed that
the message was encrypted with that particular
sender's private key.
3. A message digest is generated by passing the
message through a one-way cryptographic
function-i.e it cannot be reversed.
Digital Signatures- How & Why
4. When combined with message digest,
encryption using private key allows users to
digitally sign a message.
5. When the digest of the message is encrypted using the
sender's private key and is appended to the
original message, the result is known as the Digital
Signature of the message.
6. Changing one character of the message changes
message digest in an unpredictable way.
7. Recipient can be sure that the message was not
changed after message digest was generated if
message digest remains unaltered.
Digital Signatures
Central Government is conferred with powers to
make rules in respect of Digital Signatures. Rules
would prescribe Type of Digital Signature, Manner
and form in which Digital Signature shall be affixed
and procedure for identifying the person affixing
the Digital Signature.
Enabling Principles of Electronic
Commerce
Legal Recognition of Electronic Record.
Legal requirement of Information to be in writing
shall be deemed to be satisfied if it is:
a. Rendered or made available in an electronic
form.
b. Accessible so as to be usable for subsequent
reference.
RETENTION OF ELECTRONIC RECORDS.
203
Introduction
204
Caveat
This lecture is designed to provide an introduction
to this field from both a theoretical and practical
perspective.
Digital forensics is a maturing scientific field with
many sub-disciplines.
205
Computer Forensics
Fundamentals
Process: Acquisition, Analysis, Examination, Report
Criminal: Frye, FRE 702, Daubert/Kumho
Civil: Federal Rules of Civil Procedure, Sedona, Rowe
Roles: Expert Witness, Friend of the Court, Technical Expert
206
Digital Forensic Science
Digital Forensic Science (DFS):
207
Communities
There are at least 3 distinct communities within
Digital Forensics
Law Enforcement
Military
Business & Industry
Possibly a 4th Academia
208
Digital Forensic Science
209
Community Objectives
210
Cyber Forensics
Includes:
Networks (Network Forensics)
Small Scale Digital Devices
Storage Media (Computer forensics)
Code Analysis
211
Cyber Forensics
The scientific examination and analysis of
digital evidence in such a way that the
information can be used as evidence in a court
of law.
212
Cyber Forensic Activities
213
The 3 As
214
Context of Cyber Forensics
[Diagram: areas overlapping with cyber forensics: Homeland Security, Information Security, Corporate Espionage, White Collar Crime, Digital Forensics, Child Pornography, Traditional Crime, Incident Response, Employee Monitoring, Privacy Issues, ????]
215
A Brief Timeline
1970s: Cyber Crime Legislation
1980s: LE Investigative Units; International LE Meeting
1990s: 1st International Conference on CE; IOCE Formed; IOCE & SWGDE
2000: RCFL in USA
2001: COE Convention on Cyber Crime; DFRWS
2003: ASCLD/LAB-DE USA; ISO 17025; Journals; Conferences
2008: AAFS Subsection?
Crime Scenes
Physical Crime Scenes vs. Cyber/Digital Crime
Scenes
Overlapping principles
The basics of criminalistics are constant across
both physical and cyber/digital
Locard's Principle applies:
"When a person commits a crime something is always
left at the scene of the crime that was not present when
the person arrived"
217
Digital Crime Scene
Digital Evidence
Digital data that establish that a crime has been
committed, can provide a link between a crime and its
victim, or can provide a link between a crime and the
perpetrator (Carrier & Spafford, 2003)
Digital Crime Scene
The electronic environment where digital evidence can
potentially exist (Rogers, 2005)
Primary & Secondary Digital Scene(s) as well
218
Forensic Principles
Digital/ Electronic evidence is extremely volatile!
Once the evidence is contaminated it cannot be de-
contaminated!
The court's acceptance is based on the best evidence
principle
With computer data, printouts or other output readable by
sight, and bit stream copies adhere to this principle.
Chain of Custody is crucial
219
Cyber Forensic Principles
The 6 Principles are:
1. When dealing with digital evidence, all of the general forensic and
procedural principles must be applied.
2. Upon seizing digital evidence, actions taken should not change that
evidence.
3. When it is necessary for a person to access original digital evidence, that
person should be trained for the purpose.
4. All activity relating to the seizure, access, storage or transfer of digital
evidence must be fully documented, preserved and available for review.
5. An Individual is responsible for all actions taken with respect to digital
evidence whilst the digital evidence is in their possession.
6. Any agency, which is responsible for seizing, accessing, storing or
transferring digital evidence is responsible for compliance with these
principles.
220
Process/Phases
Identification
Collection
Bag & Tag
Preservation
Examination
Analysis
Presentation/Report
221
Identification
The first step is identifying evidence
and potential containers of evidence
More difficult than it sounds
Small scale devices
Non-traditional storage media
Multiple possible crime scenes
222
Devices Identification
223
Identification
Context of the investigation is very
important
Do not operate in a vacuum!
Do not overlook non-electronic
sources of evidence
Manuals, papers, printouts, etc.
224
Collection
Care must be taken to minimize
contamination
Collect or seize the system(s)
Create forensic image
Live or Static?
Do you own the system
What does your policy say?
Collection: Documentation
Take detailed photos and notes of the computer / monitor
If the computer is on, take photos of what is displayed on the monitor.
DO NOT ALTER THE SCENE
Collection: Documentation
Make sure to take photos and notes of all
connections to the computer/other devices
Collection: Imaging
Rule of Thumb: make copies and don't work
from the original (if possible)
A file copy does not recover all data areas of the
device for examination
Working from a duplicate image
Preserves the original evidence
Prevents inadvertent alteration of original evidence
during examination
Allows recreation of the duplicate image if necessary
Collection: Imaging
Digital evidence can be duplicated with no
degradation from copy to copy
This is not the case with most other forms of evidence
Collection: Imaging
Write blockers
Software
Hardware
Hardware write blockers are becoming the industry standard
USB, SATA, IDE, SCSI, SIM, Memory Cards
Not BIOS dependent
But still verify prior to usage!
Collection: Imaging
Forensic Copies (Bitstream)
Bit for Bit copying captures all the data on the copied
media including hidden and residual data (e.g., slack space,
swap, residue, unused space, deleted files etc.)
Often the smoking gun is found in the residual data.
Imaging from a disk (drive) to a file is becoming the
norm
Images from multiple cases can be stored on the same media
No risk of residue on the destination media bleeding into the
image (unlike a disk-to-disk clone)
Remember: avoid working from the original
Use a write blocker even when examining a copy!
Imaging: Authenticity & Integrity
How do we demonstrate that the image is a true unaltered copy of
the original?
-Hashing (e.g., MD5, SHA-256)
A mathematical algorithm that maps data of any size to a fixed-length value
(128 bits for MD5, 256 bits for SHA-256); two different inputs producing the
same value is overwhelmingly unlikely
Can be performed on various types of data (files, partitions, physical drive)
The value can be used to demonstrate the integrity of your data
Changes made to data will result in a different value
The same process can be used to demonstrate the image has not
changed from time-1 to time-n
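An added example, not from the original slides, of the hashing workflow described above and of the "verify integrity of image" step in the examination phase: hash the image once at acquisition (time-1), record the result with who/when in a custody record, and rehash at every later hand-off (time-n). The same before/after comparison is what you would run on a test drive to verify a write blocker before trusting it. The image here is a small constructed file so the example runs offline; the record format, the examiner names and the file name are assumptions, not anything the slides specify.

```python
"""Added example (not from the original slides): hashing a forensic image
to demonstrate and re-verify its integrity across the chain of custody.

Assumptions (not from the slides): the image is an ordinary file on disk
(a raw/dd-style image); the custody record is a plain dict. Sample data
is constructed inline so the example runs offline.
"""
import hashlib
import os
import tempfile
from datetime import datetime, timezone

CHUNK = 1024 * 1024  # read in 1 MiB chunks so multi-GB images do not fill RAM


def hash_file(path, algorithms=("md5", "sha256")):
    """Return {algorithm: hexdigest} for the whole file, in a single pass."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        while True:
            block = fh.read(CHUNK)
            if not block:
                break
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data, algorithms=("md5", "sha256")):
    """Same digests for an in-memory buffer (e.g., a partition read from an image)."""
    return {name: hashlib.new(name, data).hexdigest() for name in algorithms}


def record_acquisition(path, examiner, note):
    """Create the time-1 custody record: who, when (UTC), and the hashes."""
    return {
        "image": os.path.basename(path),
        "examiner": examiner,
        "acquired_utc": datetime.now(timezone.utc).isoformat(),
        "note": note,
        "hashes": hash_file(path),
        "verifications": [],
    }


def verify_image(record, path, examiner):
    """Time-n check: rehash and compare every algorithm recorded at time-1.

    Both MD5 and SHA-256 are compared; a SHA-256 mismatch alone is already
    disqualifying, and MD5 is kept only because older records carry it.
    """
    now = hash_file(path)
    ok = all(now[name] == digest for name, digest in record["hashes"].items())
    record["verifications"].append({
        "examiner": examiner,
        "verified_utc": datetime.now(timezone.utc).isoformat(),
        "result": "MATCH" if ok else "MISMATCH",
    })
    return ok


def demo():
    """Constructed image: acquire, verify, flip one bit, verify again."""
    with tempfile.TemporaryDirectory() as tmp:
        img = os.path.join(tmp, "suspect_disk.dd")  # assumed file name
        with open(img, "wb") as fh:
            fh.write(b"\x00" * 4096 + b"constructed sample image" + b"\xff" * 4096)
        rec = record_acquisition(img, "examiner A", "imaged via hardware write blocker")
        first = verify_image(rec, img, "examiner B")       # untouched: True
        with open(img, "r+b") as fh:                      # simulate one flipped bit
            fh.seek(4100)
            b = fh.read(1)
            fh.seek(4100)
            fh.write(bytes([b[0] ^ 0x01]))
        second = verify_image(rec, img, "examiner B")      # altered: False
        return first, second, rec


if __name__ == "__main__":
    first, second, rec = demo()
    for v in rec["verifications"]:
        print(v["verified_utc"], v["examiner"], v["result"])
```

Note the single-pass design: a terabyte image is read once and fed to every hasher, and the digests are kept per algorithm so a record written years ago with MD5 alone can still be checked while SHA-256 is added going forward.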
Examination
Higher level look at the file system representation of the data on
the media
Verify integrity of image
MD5, SHA-1, SHA-256, etc. (MD5 and SHA-1 have known collision attacks, so record a modern hash such as SHA-256 alongside them)
Recover deleted files & folders
Determine keyword list
What are you searching for
Determine time lines
What is the timezone setting of the suspect system
What time frame is of importance
Graphical representation is very useful
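An added example, not from the original slides, for the timeline step: why the suspect system's timezone setting has to be established before any ordering is attempted. NTFS stores file times in UTC, FAT stores them in the system's local time with no zone recorded, and application logs usually write local time; merging them without conversion produces an order that is simply wrong. The events, the UTC-05:00 offset and the source names are constructed assumptions for the example.

```python
"""Added example (not from the original slides): normalising timestamps
from different sources to UTC before building a timeline.

Assumptions (not from the slides): the suspect system's timezone setting
was recovered as a fixed UTC offset (here -05:00, DST ignored); NTFS times
are stored in UTC, FAT times and the sample application log are in local
time. The events below are constructed sample data.
"""
from datetime import datetime, timedelta, timezone

# Timezone setting recovered from the suspect system (assumption: UTC-5)
SUSPECT_TZ = timezone(timedelta(hours=-5))

# Sources that store local time and therefore need the suspect's offset applied
LOCAL_TIME_SOURCES = {"fat", "applog"}

# Constructed events: (source, raw timestamp as found, description)
EVENTS = [
    ("ntfs", "2024-03-10T14:05:00", "MFT: secret.xlsx created"),
    ("fat", "2024-03-10T09:07:30", "USB stick: secret.xlsx written"),
    ("applog", "2024-03-10 09:10:00", "mail client: attachment added"),
    ("ntfs", "2024-03-10T14:30:00", "MFT: wiper tool last run"),
    ("ntfs", "2024-03-09T23:59:00", "MFT: browser cache updated"),
]


def parse_raw(ts):
    """Accept both 'T'-separated and space-separated timestamp forms."""
    return datetime.fromisoformat(ts.replace(" ", "T"))


def to_utc(source, ts):
    """Attach the zone each source actually used, then convert to UTC."""
    naive = parse_raw(ts)
    if source in LOCAL_TIME_SOURCES:
        return naive.replace(tzinfo=SUSPECT_TZ).astimezone(timezone.utc)
    return naive.replace(tzinfo=timezone.utc)


def build_timeline(events, start=None, end=None):
    """Return [(utc_datetime, source, description)] sorted by UTC time.

    start/end are optional ISO strings in UTC bounding the time frame of
    importance, e.g. "2024-03-10T14:00:00".
    """
    rows = [(to_utc(src, ts), src, desc) for src, ts, desc in events]
    rows.sort(key=lambda r: r[0])
    if start is not None:
        lo = datetime.fromisoformat(start).replace(tzinfo=timezone.utc)
        rows = [r for r in rows if r[0] >= lo]
    if end is not None:
        hi = datetime.fromisoformat(end).replace(tzinfo=timezone.utc)
        rows = [r for r in rows if r[0] <= hi]
    return rows


def naive_timeline(events):
    """The wrong way: ignore zones and sort the raw values as written."""
    rows = [(parse_raw(ts), src, desc) for src, ts, desc in events]
    rows.sort(key=lambda r: r[0])
    return [r[2] for r in rows]


if __name__ == "__main__":
    print("naive order :", naive_timeline(EVENTS))
    for when, src, desc in build_timeline(EVENTS):
        print(when.isoformat(), f"{src:6}", desc)
```

In the naive order the USB write appears five hours before the file was created on the internal disk; after normalisation the sequence is create, copy to USB, attach to mail, run wiper, which is the story the evidence actually tells.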
Examination
Examine directory tree
What looks out of place
Stego tools installed
Evidence scrubbers
Perform keyword searches
Indexed
Slack & unallocated space
Search for relevant evidence types
Hash sets can be useful
Graphics
Spreadsheets
Hacking tools
Etc.
When is enough
enough??
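An added example, not from the original slides, tying the keyword-search item above to the earlier point that a bit-stream copy captures slack and unallocated space while a file copy does not. The search scans every byte of the image, in ASCII and in UTF-16LE (the encoding Windows applications and the registry commonly use), case-insensitively, and reports byte offsets; run against the allocated region alone, it finds nothing. The image layout, sector size and text fragments are constructed assumptions; a real image would be walked with a filesystem parser, but the raw search itself is the same.

```python
"""Added example (not from the original slides): a raw keyword search over
a bit-stream image, which reaches slack and unallocated space that a
file-level copy never contains.

Assumptions (not from the slides): the toy image layout below (one 512-byte
'allocated' sector followed by unallocated sectors holding residue of
deleted files) is constructed for the example.
"""
import re

SECTOR = 512  # assumed sector size


def build_constructed_image():
    """Construct a tiny image: one live file, then residue in unallocated space."""
    live = b"Quarterly report, nothing to see here.".ljust(SECTOR, b"\x00")
    # 'Deleted' text file: directory entry gone, bytes still on disk
    deleted_txt = b"wire $40000 to account 998877 tonight".ljust(SECTOR, b"\x00")
    # Fragment of a Windows document stored as UTF-16LE
    deleted_u16 = "Account 998877 closed".encode("utf-16-le").ljust(SECTOR, b"\x00")
    return live + deleted_txt + deleted_u16


def file_level_copy(image):
    """What a logical (file) copy would carry: allocated sectors only."""
    return image[:SECTOR]


def keyword_search(data, keywords):
    """Find every keyword in ASCII and UTF-16LE, case-insensitively.

    Returns a sorted list of (byte_offset, keyword, encoding).
    """
    hits = []
    for kw in keywords:
        patterns = {
            "ascii": re.escape(kw.encode("ascii")),
            "utf-16le": re.escape(kw.encode("utf-16-le")),
        }
        for enc, pat in patterns.items():
            for m in re.finditer(pat, data, flags=re.IGNORECASE):
                hits.append((m.start(), kw, enc))
    return sorted(hits)


def context(data, offset, width=24):
    """Printable excerpt around a hit, so the examiner can judge relevance."""
    lo, hi = max(0, offset - width), min(len(data), offset + width)
    return data[lo:hi].replace(b"\x00", b".").decode("ascii", errors="replace")


def compare_search(keywords):
    """Run the same search on the raw image and on the file-level copy."""
    image = build_constructed_image()
    return {
        "raw_image": keyword_search(image, keywords),
        "file_copy": keyword_search(file_level_copy(image), keywords),
    }


if __name__ == "__main__":
    image = build_constructed_image()
    for off, kw, enc in keyword_search(image, ["account", "998877"]):
        print(f"{off:6d} {enc:9} {kw!r}: {context(image, off)}")
    print("file copy hits:", keyword_search(file_level_copy(image), ["account"]))
```

The offsets matter for the report: sector = offset // 512 tells you whether the hit sits in a live file, in slack at the end of one, or in unallocated space, which is the first question counsel will ask about any "deleted" evidence.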
Issues
lack of certification for tools
Lack of standards
lack of certification for professionals
lack of understanding by Judiciary
lack of curriculum accreditation
Rapid changes in technology!
Immature Scientific Discipline
Careers
One of the fastest
growing job
markets!
Paths to Careers in CF
Certifications
Associate Degree
Bachelor Degree
Post Grad Certificate
Masters
Doctorate
Job Functions
CF Technician
CF Investigator
CF Analyst/Examiner (lab)
CF Lab Director
CF Scientist
Professional Opportunities
Law Enforcement
Private Sector
Intelligence Community
Military
Academia
Summary
Cyber Forensics is a maturing forensic Science
AAFS new section Feb 2008
Excellent career opportunities
Proper education & training is paramount!
Questions???
Contact Information
cyberforensics@mac.com
http://www.cyberforensics.purdue.edu
765-494-2561
Unit V
Figure 4.7 Information flows that need to be understood for compliance with data
protection legislation (source: www.dataprotection.gov.uk)
Legal issues: Sparrow's eight areas
1. Marketing your e-commerce business
2. Forming an electronic contract
3. Making and accepting payment
4. Authenticating contracts concluded over the
Internet
5. E-mail risks
6. Protecting Intellectual Property
7. Advertising on the Internet
8. Data protection.
Major issues
General Ethical Issues
Categories of Public Policy and Political Issues
Privacy
Intellectual Property Rights
Free Speech
Taxation
http://www.whatiscopyright.org/
For example, my brother is a musician and he lives in the United States. When he writes new
lyrics, he prints them out on paper, signs his name at the bottom with the Copyright
symbol to show that he is the author, places it in an envelope and mails it to himself without
opening it. His copyright begins at the moment he puts his idea in a tangible form by printing
the lyrics out on paper. He creates proof when he mails it to himself - the postmark
establishes the date of creation. He then registers his copyright with the U.S. Copyright Office
which is a requirement in order to sue for monetary damages should a violation of his
copyright arise. However, if somebody copies and redistributes his lyrics without permission
before his copyright is registered, he still has the right to assert a copyright claim as the true
author.
The above applies to digital art and graphics. Open a gif, jpg or png file that you created and
look at the properties. It states the date that you saved it to your hard drive as the date of
creation. If somebody copies a graphic from your web site I assure you that the date of
creation on your copy of the file is earlier than the copy taken off your web site. If that still
doesn't feel like enough proof for you, save everything to a floppy disk and mail it to yourself
via certified mail. Keep the envelope sealed, wrap it in protective plastic and put it in a safe
place.