Cyber Security, Cyber Warfare, and Digital Forensics (CyberSec) - Beirut, Lebanon

Cyber Security, Cyber Warfare, And Digital Forensics - Beirut

The 2014 Third International Conference on Cyber Security, Cyber Warfare and Digital Forensic (CyberSec) was held April 29 to May 1, 2014 in Beirut, Lebanon. The twelve papers published from it are cited here.


Watney, M., "Challenges Pertaining To Cyber War Under International Law," Cyber Security, Cyber Warfare and Digital Forensic (CyberSec), 2014 Third International Conference on, pp.1,5, April 29 2014-May 1 2014. doi: 10.1109/CyberSec.2014.6913962 State-level intrusion in the cyberspace of another country seriously threatens a state's peace and security. Consequently many types of cyberspace intrusion are being referred to as cyber war with scant regard to the legal position under international law. This is but one of the challenges facing state-level cyber intrusion. The current rules of international law prohibit certain types of intrusion. However, international law does not define which intrusions fall within the prohibited category of intrusion nor when the threshold of intrusion is surpassed. International lawyers have to determine the type of intrusion and threshold on a case-by-case basis. The Tallinn Manual may serve as a guideline in this assessment, but determination of the type of intrusion and attribution to a specific state is not easily established. The current rules of international law do not prohibit all intrusion which on state-level may be highly invasive and destructive. Unrestrained cyber intrusion may result in cyberspace becoming a battle space in which state(s) with strong cyber abilities dominate cyberspace resulting in resentment and fear among other states. The latter may be prevented on an international level by involving all states in an equal and transparent manner in cyberspace governance.

Keywords: law; security of data; Tallinn Manual; cyber war; cyberspace governance; cyberspace intrusion; international law; legal position; state-level cyber intrusion; Computer crime; Cyberspace; Force; Law; Manuals; Cyber war; Estonia; Stuxnet; challenges; cyberspace governance; cyberspace state-level intrusion; international law (ID#: 14-3392)



Holm, E.; Mackenzie, G., "The Importance Of Mandatory Data Breach Notification To Identity Crime," Cyber Security, Cyber Warfare and Digital Forensic (CyberSec), 2014 Third International Conference on, pp.6,11, April 29 2014-May 1 2014. doi: 10.1109/CyberSec.2014.6913963 The relationship between data breaches and identity crime has been scarcely explored in current literature. However, there is an important relationship between the misuse of personal identification information and identity crime as the former is in many respects the catalyst for the latter. Data breaches are one of the ways in which this personal identification information is obtained by identity criminals, and thereby any response to data breaches is likely to impact the incidence of identity crime. Initiatives around data breach notification have become increasingly prevalent and are now seen in many State legislatures in the United States and overseas. The Australian Government is currently in the process of introducing mandatory data breach notification laws. This paper explores the introduction of mandatory data breach notification in Australia, and lessons learned from the experience in the US, particularly noting the link between data breaches and identity crime. The paper proposes that through the introduction of such laws, identity crimes are likely to be reduced.

Keywords: computer crime; law; Australia; US; identity crime; mandatory data breach notification laws; personal identification information; Australia; Data privacy; Educational institutions; Government; Law; Privacy; Security; data breaches; identity crime; mandatory breach reporting; privacy (ID#: 14-3393)



Mohamed, I.A.; Bt Abdul Manaf, A., "An enhancement of traceability model based-on scenario for digital forensic investigation process," Cyber Security, Cyber Warfare and Digital Forensic (CyberSec), 2014 Third International Conference on, pp.12,15, April 29 2014-May 1 2014. doi: 10.1109/CyberSec.2014.6913964 Digital forensic investigation process is about identifying and tracing the cause of the incident, whereby traceability is a very important process during the investigation by searching for the evidence. However, the traceability model of digital forensic investigation process is enhanced based on scenario with proven literature and justification.

Keywords: digital forensics; program diagnostics; digital forensic investigation process; incident cause identification; incident cause tracing; traceability model based-on scenario enhancement; Adaptation models; Computational modeling; Conferences; Digital forensics; Educational institutions; Materials; Safety; Evidence; Forensic; Scenario; traceability (ID#: 14-3394)



Geepalla, E., "Comparison Between Alloy and Timed Automata for Modelling And Analysing Of Access Control Specifications," Cyber Security, Cyber Warfare and Digital Forensic (CyberSec), 2014 Third International Conference on, pp.16,21, April 29 2014-May 1 2014. doi: 10.1109/CyberSec.2014.6913965 This paper presents a comparative study between Alloy and Timed Automata for modelling and analysing of access control specifications. In particular, this paper compares Alloy and Timed Automata for modelling and analysing of Access Control specifications in the context of Spatio-Temporal Role Based Access Control (STRBAC) from capability and performance points of view. To conduct the comparison study the same case study (SECURE bank system) is specified using Alloy and Timed Automata. In order to transform the specification of the Secure Bank system into Alloy and Timed Automata this paper makes use of our earlier methods AC2Alloy and AC2Uppaal respectively. The paper then identifies the most important advantages and disadvantages of Alloy and Timed Automata for modelling and analysing of access control specifications.

Keywords: authorisation; automata theory; bank data processing; directed graphs; formal specification; AC2Alloy method; AC2Uppaal method; SECURE bank system; STRBAC; access control specification analysis; access control specification modelling; directed graph; spatio-temporal role based access control; timed automata; Access control; Analytical models; Automata; Clocks; Computational modeling; Metals; Object oriented modeling (ID#: 14-3395)



Yusoff, M.N.; Mahmod, R.; Dehghantanha, A.; Abdullah, M.T., "An Approach For Forensic Investigation in Firefox OS," Cyber Security, Cyber Warfare and Digital Forensic (CyberSec), 2014 Third International Conference on, pp.22,26, April 29 2014-May 1 2014. doi: 10.1109/CyberSec.2014.6913966 The advancement of smartphone technology has attracted many companies in developing mobile operating systems. Mozilla Corporation recently released a Linux-based open source operating system, named Firefox OS. The emergence of Firefox OS has created new challenges, concentrations and opportunities for digital investigators. In general, Firefox OS is designed to allow smartphones to communicate directly with HTML5 applications using JavaScript and newly introduced WebAPI. However, the use of JavaScript in HTML5 applications and solely no OS restriction might lead to security issues and potential exploits. Therefore, forensic analysis for Firefox OS is urgently needed in order to investigate any criminal intentions. This paper will present an approach and methodology in a forensically sound manner for Firefox OS.

Keywords: Internet; Java; Linux; application program interfaces; digital forensics; hypermedia markup languages; mobile computing; public domain software; smart phones; Firefox OS; HTML5 applications; JavaScript; Linux-based open source operating system; Mozilla Corporation; OS restriction; WebAPI; criminal intentions; digital investigation; forensic analysis; forensic investigation; mobile operating system; potential exploits; security issues; smartphone technology; Forensics; Google; Mobile communication; Operating systems; Security; Smart phones; Firefox OS; Forensic Method; Mobile forensics; digital investigation (ID#: 14-3396)



Yusoff, M.N.; Mahmod, R.; Abdullah, M.T.; Dehghantanha, A., "Mobile Forensic Data Acquisition in Firefox OS," Cyber Security, Cyber Warfare and Digital Forensic (CyberSec), 2014 Third International Conference on, pp.27,31, April 29 2014-May 1 2014. doi: 10.1109/CyberSec.2014.6913967 Mozilla Corporation has recently released a Linux-based open source operating system, namely Firefox OS. The arrival of this Firefox OS has created new challenges, concentrations and opportunities for digital investigators. Currently, Firefox OS is still not fully supported by most of the existing mobile forensic tools. Even when the phone is detected as Android, only pictures from the removable card were able to be captured. Furthermore, the internal data acquisition is still not working. Therefore, there are very huge opportunities to explore the Firefox OS on every stage of mobile forensic procedures. This paper will present an approach for mobile forensic data acquisition in a forensically sound manner from a Firefox OS running device. This approach will largely use the UNIX dd command to create a forensic image from the Firefox OS running device.

Keywords: Linux; data acquisition; image forensics; mobile computing; public domain software; Android phone; Firefox OS; Linux-based open source operating system; Mozilla Corporation; UNIX dd command; digital investigators; forensic image; internal data acquisition; mobile forensic data acquisition; Data acquisition; Flash memories; Forensics; GSM; Mobile communication; Smart phones; Firefox OS; Mobile forensic; data acquisition (ID#: 14-3397)



Rjaibi, N.; Gannouni, N.; Ben Arfa, L.; Ben Aissa, A., "Modeling the Propagation Of Security Threats: An E-Learning Case Study," Cyber Security, Cyber Warfare and Digital Forensic (CyberSec), 2014 Third International Conference on, pp.32,37, April 29 2014-May 1 2014. doi: 10.1109/CyberSec.2014.6913968 In this paper, we propose a novel linear model for modeling the propagation of security threats among the system's architectural components which is the Threats Propagation model (TP). Our model is based on the Mean Failure Cost cyber-security model (MFC) and applied to an e-learning system. The Threats propagation model (TP) enables to show if a threat can propagate to other e-learning systems components. Then, it provides an efficient diagnostic about the most critical threats in order to make the best decision and to establish the suitable countermeasures to avoid them. Our proposed model is useful to implement a safe and secure e-learning environment.

Keywords: computer aided instruction; security of data; MFC; e-learning system; linear model; mean failure cost cyber-security model; secure e-learning environment; security threat propagation modeling; system architectural components; Analytical models; Electronic learning; Malware; Servers; Shape; Vectors; Countermeasures; Critical security threats; E-learning; The Mean Failure Cost; Threats propagation model (ID#: 14-3398)



Hassan, Z.Z.; Elgarf, T.A.; Zekry, A., "Modifying Authentication Techniques In Mobile Communication Systems," Cyber Security, Cyber Warfare and Digital Forensic (CyberSec), 2014 Third International Conference on, pp.38,44, April 29 2014-May 1 2014. doi: 10.1109/CyberSec.2014.6913969 Milenage algorithm applies the block cipher Rijndael (AES) with 128 bit key and 128 bit block size. This algorithm is used in the 3GPP authentication and key generation functions (f1, f1*, f2, f3, f4, f5 and f5*) for mobile communication systems (GSM/UMTS/LTE). In this paper a modification of Milenage algorithm is proposed through a dynamic change of S-box in AES depending on secret key. To get a new secret key for every authentication process we add the random number (RAND) transmitted from the authentication center (AUC) to the contents of the fixed stored secret key (Ki) and thus the initialization of the AES will be different each new authentication process. For every change in secret key a new S-box is derived from the standard one by permuting its rows and columns with the help of a new designed PN sequence generator. A complete simulation of modified Milenage and PN sequence generator is done using Microcontroller (PIC18F452). Security analysis is applied using Avalanche test to compare between the original and modified Milenage. Tests proved that the modified algorithm is more secure than the original one due to the dynamic behavior of S-box with every change of the secret key and immunity against linear and differential cryptanalysis using Avalanche tests. This makes the modified Milenage more suitable for the applications of authentication techniques specially for mobile communication systems.

Keywords: 3G mobile communication; cryptography; microcontrollers; telecommunication security; 3GPP authentication function; AES; AUC; GSM system; Global System for Mobile Communication; LTE system; Long-Term Evolution; Milenage algorithm; PIC18F452 microcontroller; RAND; Rijndael block cipher; UMTS system; Universal Mobile Telecommunication System; advanced encryption standard; authentication center; authentication techniques; avalanche test; key generation function; mobile communication system; random number; secret key; security analysis; Authentication; Ciphers; Generators; Heuristic algorithms; Long Term Evolution; Mobile communication; Vectors; AES; Authentication vector (AV); Dynamic S-BOX and PN Sequence Generator (LFSR); Modified MILENAGE Algorithm for AKA Functions (F1, F1*, F2, F3, F4, F5, F5*) (ID#: 14-3399)



Jasim Mohammad, O.K.; Abbas, S.; El-Horbaty, E.-S.M.; Salem, A.-B.M., "Statistical Analysis For Random Bits Generation On Quantum Key Distribution," Cyber Security, Cyber Warfare and Digital Forensic (CyberSec), 2014 Third International Conference on, pp.45,51, April 29 2014-May 1 2014. doi: 10.1109/CyberSec.2014.6913970 Recently, Quantum cryptography researchers utilize the quantum keys, in order to provide a more trusted environment for both key distribution and management processes. The quantum keys are generated based on quantum mechanics phenomena. However, all events for the quantum key generation rely on exchanging photons between parties over limited distances. So, in this paper, random tests algorithms, such as NIST and DIEHARD, are implemented to test and evaluate the randomness rates for quantum keys generation. After then, the initialized vector, which is the seed of the symmetric encryption algorithms, is established based on specific analysis to be a key for the algorithms. The paper utilizes the (BB84) quantum key distribution (QKD) protocol based on two different innovated modes, the raw and privacy modes.

Keywords: cryptographic protocols; quantum cryptography; statistical analysis; DIEHARD algorithm; NIST algorithm; QKD protocol; key distribution process; key management process; privacy mode; quantum cryptography; quantum key distribution; quantum mechanics phenomenon; random bits generation; random tests algorithm; raw mode; statistical analysis; Algorithm design and analysis; Encryption; NIST; Photonics; Privacy; Protocols; binary distribution; cryptographic analysis; pseudo random number; quantum key distribution; random number generator; statistical test (ID#: 14-3400)



Kebande, V.R.; Venter, H.S., "A Cognitive Approach For Botnet Detection Using Artificial Immune System In The Cloud," Cyber Security, Cyber Warfare and Digital Forensic (CyberSec), 2014 Third International Conference on, pp.52,57, April 29 2014-May 1 2014. doi: 10.1109/CyberSec.2014.6913971 The advent of cloud computing has given a provision for both good and malicious opportunities. Virtualization itself as a component of Cloud computing, has provided users with an immediate way of accessing limitless resource infrastructures. Botnets have evolved to be the most dangerous group of remote-operated zombie computers given the open cloud environment. They happen to be the dark side of computing due to the ability to run illegal activities through remote installations, attacks and propagations through exploiting vulnerabilities. The problem that this paper addresses is that botnet technology is advancing each day and detection in the cloud is becoming hard. In this paper, therefore, the authors present an approach for detecting an infection of a robot network in the cloud environment. The authors proposed a detection mechanism using Artificial Immune System (AIS). The results show that this research is significant.

Keywords: artificial immune systems; cloud computing; invasive software; virtualisation; AIS; artificial immune system; botnet detection; cloud computing; cognitive approach; directed graph network; resource infrastructure access; virtualization; Cloud computing; Computers; Detectors; Immune system; Monitoring; Pattern matching; Artificial immune system; Botnet; Cloud; Detection; Negative selection (ID#: 14-3401)



El Zouka, H.A.; Hosni, M.M., "On the Power Of Quantum Cryptography And computers," Cyber Security, Cyber Warfare and Digital Forensic (CyberSec), 2014 Third International Conference on, pp.58,63, April 29 2014-May 1 2014. doi: 10.1109/CyberSec.2014.6913972 It is well known that threats and attacks to information on the digital network environment are growing rapidly, putting extra pressure on individuals and businesses to protect their privacy and intellectual property. For this reason, many cryptographic security protocols have been developed over the past decades in an attempt to protect the privacy between communicating parties and to reduce the risk of malicious attacks. However, most of the cryptographic algorithms developed so far are based on mathematical models and suffer from many security defects, such as: a brute force attack, factorization problem, and many others. Thus, most of these proposed cryptographic systems are not proven to be completely secure against the main threats of modern networking technologies and computing systems. In this paper, a security framework model for quantum cryptography system which is based on the physical properties of light particles is proposed and all security requirements to assist in ensuring confidentiality between communicating parties are incorporated. The research work in this paper is based on a series of experiments which have been advocated recently by some agencies and researchers who used the quantum technology as a more effective method for solving the key distribution problem. The results of the proposed method are demonstrated and validated by experimental results.

Keywords: cryptographic protocols; data privacy; quantum cryptography; brute force attack; communicating parties; computers; computing systems; cryptographic algorithms; cryptographic security protocols; cryptographic systems; digital network environment; factorization problem; intellectual property; key distribution problem; malicious attacks; mathematical models; modern networking technologies; privacy; putting extra pressure; quantum cryptography system; quantum technology; security defects; security framework model; security requirements; Ciphers; Encryption; Optical fibers; Photonics; Public key; Cryptanalysis; Cryptography; Quantum Key Distribution; Quantum Technology; Security Protocols (ID#: 14-3402)



Kaddour, M.; Tmazirte, N.A.; El-Najjar, M.E.; Naja, Z.; Moubayed, N., "Autonomous Integrity Monitoring For GNSS Localization Using Informational Approach And Iono-Free Measurements," Cyber Security, Cyber Warfare and Digital Forensic (CyberSec), 2014 Third International Conference on, pp.64,69, April 29 2014-May 1 2014. doi: 10.1109/CyberSec.2014.6913973 The Receiver Autonomous Integrity Monitoring (RAIM) is used to improve positioning system safety. This paper proposes a new RAIM approach to detect and exclude multi-faults of GNSS measurements before position estimation. The new approach uses the information filter for position estimation and information test to faults diagnosis. This test is based on exponential convergence of the information filter measured using the mutual information. Results with real data of GNSS measurements (C/A code and L1 phase) show the benefits of the proposed approach in improving the GNSS receiver integrity positioning.

Keywords: Global Positioning System; estimation theory; fault diagnosis; radio receivers; radiotelemetry; C-A code; GNSS localization; GNSS measurement; L1 phase; RAIM approach; autonomous integrity monitoring; fault diagnosis; informational approach; ionofree measurement; multifault detection; mutual information; position estimation; positioning system safety; receiver autonomous integrity monitoring approach; Global Positioning System; Information filters; Mutual information; phase measurement; Pollution measurement; Receivers; Satellites; GNSS localization; Information Filter; Information theory; Mutual Information (ID#: 14-3403)


