Cyber Security and Digital Forensics
Challenges and Future Trends
Advances in Cyber Security
1. Edition February 2022
432 Pages, Hardcover
Wiley & Sons Ltd
CYBER SECURITY AND DIGITAL FORENSICS
Cyber security is an incredibly important issue that is constantly changing, with new methods, processes, and technologies coming online all the time. Books like this are invaluable to professionals working in this area, to stay abreast of all of these changes.
Current cyber threats are getting more complicated and advanced with the rapid evolution of adversarial techniques. Networked computing and portable electronic devices have broadened the role of digital forensics beyond traditional investigations into computer crime. The overall increase in the use of computers as a way of storing and retrieving high-security information requires appropriate security measures to protect the entire computing and communication scenario worldwide. Further, with the introduction of the internet and its underlying technology, facets of information security are becoming a primary concern to protect networks and cyber infrastructures from various threats.
This groundbreaking new volume, written and edited by a wide range of professionals in this area, covers broad technical and socio-economic perspectives for the utilization of information and communication technologies and the development of practical solutions in cyber security and digital forensics. Not just for the professional working in the field, but also for the student or academic on the university level, this is a must-have for any library.
Audience: Practitioners, consultants, engineers, academics, and other professionals working in the areas of cyber analysis, cyber security, homeland security, national defense, the protection of national critical infrastructures, cyber-crime, cyber vulnerabilities, cyber-attacks related to network systems, cyber threat reduction planning, and those who provide leadership in cyber security management both in public and private sectors
Acknowledgment xxvii
1 A Comprehensive Study of Security Issues and Research Challenges in Different Layers of Service-Oriented IoT Architecture 1
Ankur O. Bang, Udai Pratap Rao and Amit A. Bhusari
1.1 Introduction and Related Work 2
1.2 IoT: Evolution, Applications and Security Requirements 4
1.2.1 IoT and Its Evolution 5
1.2.2 Different Applications of IoT 5
1.2.3 Different Things in IoT 7
1.2.4 Security Requirements in IoT 8
1.3 Service-Oriented IoT Architecture and IoT Protocol Stack 10
1.3.1 Service-Oriented IoT Architecture 10
1.3.2 IoT Protocol Stack 11
1.3.2.1 Application Layer Protocols 12
1.3.2.2 Transport Layer Protocols 13
1.3.2.3 Network Layer Protocols 15
1.3.2.4 Link Layer and Physical Layer Protocols 16
1.4 Anatomy of Attacks on Service-Oriented IoT Architecture 24
1.4.1 Attacks on Software Service 24
1.4.1.1 Operating System-Level Attacks 24
1.4.1.2 Application-Level Attacks 25
1.4.1.3 Firmware-Level Attacks 25
1.4.2 Attacks on Devices 26
1.4.3 Attacks on Communication Protocols 26
1.4.3.1 Attacks on Application Layer Protocols 26
1.4.3.2 Attacks on Transport Layer Protocols 28
1.4.3.3 Attacks on Network Layer Protocols 28
1.4.3.4 Attacks on Link and Physical Layer Protocols 30
1.5 Major Security Issues in Service-Oriented IoT Architecture 31
1.5.1 Application - Interface Layer 32
1.5.2 Service Layer 33
1.5.3 Network Layer 33
1.5.4 Sensing Layer 34
1.6 Conclusion 35
References 36
2 Quantum and Post-Quantum Cryptography 45
Om Pal, Manoj Jain, B.K. Murthy and Vinay Thakur
2.1 Introduction 46
2.2 Security of Modern Cryptographic Systems 46
2.2.1 Classical and Quantum Factoring of A Large Number 47
2.2.2 Classical and Quantum Search of An Item 49
2.3 Quantum Key Distribution 49
2.3.1 BB84 Protocol 50
2.3.1.1 Proposed Key Verification Phase for BB84 51
2.3.2 E91 Protocol 51
2.3.3 Practical Challenges of Quantum Key Distribution 52
2.3.4 Multi-Party Quantum Key Agreement Protocol 53
2.4 Post-Quantum Digital Signature 53
2.4.1 Signatures Based on Lattice Techniques 54
2.4.2 Signatures Based on Multivariate Quadratic Techniques 55
2.4.3 Hash-Based Signature Techniques 55
2.5 Conclusion and Future Directions 55
References 56
3 Artificial Neural Network Applications in Analysis of Forensic Science 59
K.R. Padma and K.R. Don
3.1 Introduction 60
3.2 Digital Forensic Analysis Knowledge 61
3.3 Answer Set Programming in Digital Investigations 61
3.4 Data Science Processing with Artificial Intelligence Models 63
3.5 Pattern Recognition Techniques 63
3.6 ANN Applications 65
3.7 Knowledge on Stages of Digital Forensic Analysis 65
3.8 Deep Learning and Modelling 67
3.9 Conclusion 68
References 69
4 A Comprehensive Survey of Fully Homomorphic Encryption from Its Theory to Applications 73
Rashmi Salavi, Dr. M. M. Math and Dr. U. P. Kulkarni
4.1 Introduction 73
4.2 Homomorphic Encryption Techniques 76
4.2.1 Partial Homomorphic Encryption Schemes 77
4.2.2 Fully Homomorphic Encryption Schemes 78
4.3 Homomorphic Encryption Libraries 79
4.4 Computations on Encrypted Data 83
4.5 Applications of Homomorphic Encryption 85
4.6 Conclusion 86
References 87
5 Understanding Robotics through Synthetic Psychology 91
Garima Saini and Dr. Shabnam
5.1 Introduction 91
5.2 Physical Capabilities of Robots 92
5.2.1 Artificial Intelligence and Neuro Linguistic Programming (NLP) 93
5.2.2 Social Skill Development and Activity Engagement 93
5.2.3 Autism Spectrum Disorders 93
5.2.4 Age-Related Cognitive Decline and Dementia 94
5.2.5 Improving Psychosocial Outcomes through Robotics 94
5.2.6 Clients with Disabilities and Robotics 94
5.2.7 Ethical Concerns and Robotics 95
5.3 Traditional Psychology, Neuroscience and Future Robotics 95
5.4 Synthetic Psychology and Robotics: A Vision of the Future 97
5.5 Synthetic Psychology: The Foresight 98
5.6 Synthetic Psychology and Mathematical Optimization 99
5.7 Synthetic Psychology and Medical Diagnosis 99
5.7.1 Virtual Assistance and Robotics 100
5.7.2 Drug Discovery and Robotics 100
5.8 Conclusion 101
References 101
6 An Insight into Digital Forensics: History, Frameworks, Types and Tools 105
G Maria Jones and S Godfrey Winster
6.1 Overview 105
6.2 Digital Forensics 107
6.2.1 Why Do We Need Forensics Process? 107
6.2.2 Forensics Process Principles 108
6.3 Digital Forensics History 108
6.3.1 1985 to 1995 108
6.3.2 1995 to 2005 109
6.3.3 2005 to 2015 110
6.4 Evolutionary Cycle of Digital Forensics 111
6.4.1 Ad Hoc 111
6.4.2 Structured Phase 111
6.4.3 Enterprise Phase 112
6.5 Stages of Digital Forensics Process 112
6.5.1 Stage 1 - 1995 to 2003 112
6.5.2 Stage II - 2004 to 2007 113
6.5.3 Stage III - 2007 to 2014 114
6.6 Types of Digital Forensics 115
6.6.1 Cloud Forensics 116
6.6.2 Mobile Forensics 116
6.6.3 IoT Forensics 116
6.6.4 Computer Forensics 117
6.6.5 Network Forensics 117
6.6.6 Database Forensics 118
6.7 Evidence Collection and Analysis 118
6.8 Digital Forensics Tools 119
6.8.1 X-Ways Forensics 119
6.8.2 SANS Investigative Forensics Toolkit - SIFT 119
6.8.3 EnCase 119
6.8.4 The Sleuth Kit/Autopsy 122
6.8.5 Oxygen Forensic Suite 122
6.8.6 Xplico 122
6.8.7 Computer Online Forensic Evidence Extractor (COFEE) 122
6.8.8 Cellebrite UFED 122
6.8.9 OSForeniscs 123
6.8.10 Computer-Aided Investigative Environment (CAINE) 123
6.9 Summary 123
References 123
7 Digital Forensics as a Service: Analysis for Forensic Knowledge 127
Soumi Banerjee, Anita Patil, Dipti Jadhav and Gautam Borkar
7.1 Introduction 127
7.2 Objective 128
7.3 Types of Digital Forensics 129
7.3.1 Network Forensics 129
7.3.2 Computer Forensics 142
7.3.3 Data Forensics 147
7.3.4 Mobile Forensics 149
7.3.5 Big Data Forensics 154
7.3.6 IoT Forensics 155
7.3.7 Cloud Forensics 157
7.4 Conclusion 161
References 161
8 4S Framework: A Practical CPS Design Security Assessment & Benchmarking Framework 163
Neel A. Patel, Dhairya A. Parekh, Yash A. Shah and Ramchandra Mangrulkar
8.1 Introduction 164
8.2 Literature Review 166
8.3 Medical Cyber Physical System (MCPS) 170
8.3.1 Difference between CPS and MCPS 171
8.3.2 MCPS Concerns, Potential Threats, Security 171
8.4 CPSSEC vs. Cyber Security 172
8.5 Proposed Framework 173
8.5.1 4S Definitions 174
8.5.2 4S Framework-Based CPSSEC Assessment Process 175
8.5.3 4S Framework-Based CPSSEC Assessment Score Breakdown & Formula 181
8.6 Assessment of Hypothetical MCPS Using 4S Framework 187
8.6.1 System Description 187
8.6.2 Use Case Diagram for the Above CPS 188
8.6.3 Iteration 1 of 4S Assessment 189
8.6.4 Iteration 2 of 4S Assessment 195
8.7 Conclusion 200
8.8 Future Scope 201
References 201
9 Ensuring Secure Data Sharing in IoT Domains Using Blockchain 205
Tawseef Ahmed Teli, Rameez Yousuf and Dawood Ashraf Khan
9.1 IoT and Blockchain 205
9.1.1 Public 208
9.1.1.1 Proof of Work (PoW) 209
9.1.1.2 Proof of Stake (PoS) 209
9.1.1.3 Delegated Proof of Stake (DPoS) 210
9.1.2 Private 210
9.1.3 Consortium or Federated 210
9.2 IoT Application Domains and Challenges in Data Sharing 211
9.3 Why Blockchain? 214
9.4 IoT Data Sharing Security Mechanism On Blockchain 216
9.4.1 Double-Chain Mode Based On Blockchain Technology 216
9.4.2 Blockchain Structure Based On Time Stamp 217
9.5 Conclusion 219
References 219
10 A Review of Face Analysis Techniques for Conventional and Forensic Applications 223
Chethana H.T. and Trisiladevi C. Nagavi
10.1 Introduction 224
10.2 Face Recognition 225
10.2.1 Literature Review on Face Recognition 226
10.2.2 Challenges in Face Recognition 228
10.2.3 Applications of Face Recognition 229
10.3 Forensic Face Recognition 229
10.3.1 Literature Review on Face Recognition for Forensics 231
10.3.2 Challenges of Face Recognition in Forensics 233
10.3.3 Possible Datasets Used for Forensic Face Recognition 235
10.3.4 Fundamental Factors for Improving Forensics Science 235
10.3.5 Future Perspectives 237
10.4 Conclusion 238
References 238
11 Roadmap of Digital Forensics Investigation Process with Discovery of Tools 241
Anita Patil, Soumi Banerjee, Dipti Jadhav and Gautam Borkar
11.1 Introduction 242
11.2 Phases of Digital Forensics Process 244
11.2.1 Phase I - Identification 244
11.2.2 Phase II - Acquisition and Collection 245
11.2.3 Phase III - Analysis and Examination 245
11.2.4 Phase IV - Reporting 245
11.3 Analysis of Challenges and Need of Digital Forensics 246
11.3.1 Digital Forensics Process has following Challenges 246
11.3.2 Needs of Digital Forensics Investigation 247
11.3.3 Other Common Attacks Used to Commit the Crime 248
11.4 Appropriateness of Forensics Tool 248
11.4.1 Level of Skill 248
11.4.2 Outputs 252
11.4.3 Region of Emphasis 252
11.4.4 Support for Additional Hardware 252
11.5 Phase-Wise Digital Forensics Techniques 253
11.5.1 Identification 253
11.5.2 Acquisition 254
11.5.3 Analysis 256
11.5.3.1 Data Carving 257
11.5.3.2 Different Curving Techniques 259
11.5.3.3 Volatile Data Forensic Toolkit Used to Collect and Analyze the Data from Device 260
11.5.4 Report Writing 265
11.6 Pros and Cons of Digital Forensics Investigation Process 266
11.6.1 Advantages of Digital Forensics 266
11.6.2 Disadvantages of Digital Forensics 266
11.7 Conclusion 267
References 267
12 Utilizing Machine Learning and Deep Learning in Cybesecurity: An Innovative Approach 271
Dushyant Kaushik, Muskan Garg, Annu, Ankur Gupta and Sabyasachi Pramanik
12.1 Introduction 271
12.1.1 Protections of Cybersecurity 272
12.1.2 Machine Learning 274
12.1.3 Deep Learning 276
12.1.4 Machine Learning and Deep Learning: Similarities and Differences 278
12.2 Proposed Method 281
12.2.1 The Dataset Overview 282
12.2.2 Data Analysis and Model for Classification 283
12.3 Experimental Studies and Outcomes Analysis 283
12.3.1 Metrics on Performance Assessment 284
12.3.2 Result and Outcomes 285
12.3.2.1 Issue 1: Classify the Various Categories of Feedback Related to the Malevolent Code Provided 285
12.3.2.2 Issue 2: Recognition of the Various Categories of Feedback Related to the Malware Presented 286
12.3.2.3 Issue 3: According to the Malicious Code, Distinguishing Various Forms of Malware 287
12.3.2.4 Issue 4: Detection of Various Malware Styles Based on Different Responses 287
12.3.3 Discussion 288
12.4 Conclusions and Future Scope 289
References 292
13 Applications of Machine Learning Techniques in the Realm of Cybersecurity 295
Koushal Kumar and Bhagwati Prasad Pande
13.1 Introduction 296
13.2 A Brief Literature Review 298
13.3 Machine Learning and Cybersecurity: Various Issues 300
13.3.1 Effectiveness of ML Technology in Cybersecurity Systems 300
13.3.2 Machine Learning Problems and Challenges in Cybersecurity 302
13.3.2.1 Lack of Appropriate Datasets 302
13.3.2.2 Reduction in False Positives and False Negatives 302
13.3.2.3 Adversarial Machine Learning 302
13.3.2.4 Lack of Feature Engineering Techniques 303
13.3.2.5 Context-Awareness in Cybersecurity 303
13.3.3 Is Machine Learning Enough to Stop Cybercrime? 304
13.4 ML Datasets and Algorithms Used in Cybersecurity 304
13.4.1 Study of Available ML-Driven Datasets Available for Cybersecurity 304
13.4.1.1 KDD Cup 1999 Dataset (DARPA1998) 305
13.4.1.2 NSL-KDD Dataset 305
13.4.1.3 ECML-PKDD 2007 Discovery Challenge Dataset 305
13.4.1.4 Malicious URL's Detection Dataset 306
13.4.1.5 ISOT (Information Security and Object Technology) Botnet Dataset 306
13.4.1.6 CTU-13 Dataset 306
13.4.1.7 MAWILab Anomaly Detection Dataset 307
13.4.1.8 ADFA-LD and ADFA-WD Datasets 307
13.4.2 Applications ML Algorithms in Cybersecurity Affairs 307
13.4.2.1 Clustering 309
13.4.2.2 Support Vector Machine (SVM) 309
13.4.2.3 Nearest Neighbor (NN) 309
13.4.2.4 Decision Tree 309
13.4.2.5 Dimensionality Reduction 310
13.5 Applications of Machine Learning in the Realm of Cybersecurity 310
13.5.1 Facebook Monitors and Identifies Cybersecurity Threats with ML 310
13.5.2 Microsoft Employs ML for Security 311
13.5.3 Applications of ML by Google 312
13.6 Conclusions 313
References 313
14 Security Improvement Technique for Distributed Control System (DCS) and Supervisory Control-Data Acquisition (SCADA) Using Blockchain at Dark Web Platform 317
Anand Singh Rajawat, Romil Rawat and Kanishk Barhanpurkar
14.1 Introduction 318
14.2 Significance of Security Improvement in DCS and SCADA 322
14.3 Related Work 323
14.4 Proposed Methodology 324
14.4.1 Algorithms Used for Implementation 327
14.4.2 Components of a Blockchain 327
14.4.3 MERKLE Tree 328
14.4.4 The Technique of Stack and Work Proof 328
14.4.5 Smart Contracts 329
14.5 Result Analysis 329
14.6 Conclusion 330
References 331
15 Recent Techniques for Exploitation and Protection of Common Malicious Inputs to Online Applications 335
Dr. Tun Myat Aung and Ni Ni Hla
15.1 Introduction 335
15.2 SQL Injection 336
15.2.1 Introduction 336
15.2.2 Exploitation Techniques 337
15.2.2.1 In-Band SQL Injection 337
15.2.2.2 Inferential SQL Injection 338
15.2.2.3 Out-of-Band SQL Injection 340
15.2.3 Causes of Vulnerability 340
15.2.4 Protection Techniques 341
15.2.4.1 Input Validation 341
15.2.4.2 Data Sanitization 341
15.2.4.3 Use of Prepared Statements 342
15.2.4.4 Limitation of Database Permission 343
15.2.4.5 Using Encryption 343
15.3 Cross Site Scripting 344
15.3.1 Introduction 344
15.3.2 Exploitation Techniques 344
15.3.2.1 Reflected Cross Site Scripting 345
15.3.2.2 Stored Cross Site Scripting 345
15.3.2.3 DOM-Based Cross Site Scripting 346
15.3.3 Causes of Vulnerability 346
15.3.4 Protection Techniques 347
15.3.4.1 Data Validation 347
15.3.4.2 Data Sanitization 347
15.3.4.3 Escaping on Output 347
15.3.4.4 Use of Content Security Policy 348
15.4 Cross Site Request Forgery 349
15.4.1 Introduction 349
15.4.2 Exploitation Techniques 349
15.4.2.1 HTTP Request with GET Method 349
15.4.2.2 HTTP Request with POST Method 350
15.4.3 Causes of Vulnerability 350
15.4.3.1 Session Cookie Handling Mechanism 350
15.4.3.2 HTML Tag 351
15.4.3.3 Browser's View Source Option 351
15.4.3.4 GET and POST Method 351
15.4.4 Protection Techniques 351
15.4.4.1 Checking HTTP Referer 351
15.4.4.2 Using Custom Header 352
15.4.4.3 Using Anti-CSRF Tokens 352
15.4.4.4 Using a Random Value for each Form Field 352
15.4.4.5 Limiting the Lifetime of Authentication Cookies 353
15.5 Command Injection 353
15.5.1 Introduction 353
15.5.2 Exploitation Techniques 354
15.5.3 Causes of Vulnerability 354
15.5.4 Protection Techniques 355
15.6 File Inclusion 355
15.6.1 Introduction 355
15.6.2 Exploitation Techniques 355
15.6.2.1 Remote File Inclusion 355
15.6.2.2 Local File Inclusion 356
15.6.3 Causes of Vulnerability 357
15.6.4 Protection Techniques 357
15.7 Conclusion 358
References 358
16 Ransomware: Threats, Identification and Prevention 361
Sweta Thakur, Sangita Chaudhari and Bharti Joshi
16.1 Introduction 361
16.2 Types of Ransomwares 364
16.2.1 Locker Ransomware 364
16.2.1.1 Reveton Ransomware 365
16.2.1.2 Locky Ransomware 366
16.2.1.3 CTB Locker Ransomware 366
16.2.1.4 TorrentLocker Ransomware 366
16.2.2 Crypto Ransomware 367
16.2.2.1 PC Cyborg Ransomware 367
16.2.2.2 OneHalf Ransomware 367
16.2.2.3 GPCode Ransomware 367
16.2.2.4 CryptoLocker Ransomware 368
16.2.2.5 CryptoDefense Ransomware 368
16.2.2.6 CryptoWall Ransomware 368
16.2.2.7 TeslaCrypt Ransomware 368
16.2.2.8 Cerber Ransomware 368
16.2.2.9 Jigsaw Ransomware 369
16.2.2.10 Bad Rabbit Ransomware 369
16.2.2.11 WannaCry Ransomware 369
16.2.2.12 Petya Ransomware 369
16.2.2.13 Gandcrab Ransomware 369
16.2.2.14 Rapid Ransomware 370
16.2.2.15 Ryuk Ransomware 370
16.2.2.16 Lockergoga Ransomware 370
16.2.2.17 PewCrypt Ransomware 370
16.2.2.18 Dhrama/Crysis Ransomware 370
16.2.2.19 Phobos Ransomware 371
16.2.2.20 Malito Ransomware 371
16.2.2.21 LockBit Ransomware 371
16.2.2.22 GoldenEye Ransomware 371
16.2.2.23 REvil or Sodinokibi Ransomware 371
16.2.2.24 Nemty Ransomware 371
16.2.2.25 Nephilim Ransomware 372
16.2.2.26 Maze Ransomware 372
16.2.2.27 Sekhmet Ransomware 372
16.2.3 MAC Ransomware 372
16.2.3.1 KeRanger Ransomware 373
16.2.3.2 Go Pher Ransomware 373
16.2.3.3 FBI Ransom Ransomware 373
16.2.3.4 File Coder 373
16.2.3.5 Patcher 373
16.2.3.6 ThiefQuest Ransomware 374
16.2.3.7 Keydnap Ransomware 374
16.2.3.8 Bird Miner Ransomware 374
16.3 Ransomware Life Cycle 374
16.4 Detection Strategies 376
16.4.1 Unevil 376
16.4.2 Detecting File Lockers 376
16.4.3 Detecting Screen Lockers 377
16.4.4 Connection-Monitor and Connection-Breaker Approach 377
16.4.5 Ransomware Detection by Mining API Call Usage 377
16.4.6 A New Static-Based Framework for Ransomware Detection 377
16.4.7 White List-Based Ransomware Real-Time Detection Prevention (WRDP) 378
16.5 Analysis of Ransomware 378
16.5.1 Static Analysis 379
16.5.2 Dynamic Analysis 379
16.6 Prevention Strategies 380
16.6.1 Access Control 380
16.6.2 Recovery After Infection 380
16.6.3 Trapping Attacker 380
16.7 Ransomware Traits Analysis 380
16.8 Research Directions 384
16.9 Conclusion 384
References 384
Index 389
Sabyasachi Pramanik, PhD, is an assistant professor in the Department of Computer Science and Engineering, Haldia Institute of Technology, India. He earned his doctorate in computer science and engineering from the Sri Satya Sai University of Technology and Medical Sciences, Bhopal, India. He has many publications in various reputed international conferences, journals, and online book chapter contributions and is also serving as the editorial board member of many international journals. He is a reviewer of journal articles in numerous technical journals and has been a keynote speaker, session chair and technical program committee member in many international conferences. He has authored a book on wireless sensor networks and is currently editing six books for multiple publishers, including Scrivener Publishing.
Ramchandra Mangrulkar, PhD, is an associate professor in the Department of Computer Engineering at SVKM's Dwarkadas J. Sanghvi College of Engineering, Mumbai, Maharashtra, India. He has published 48 papers and 12 book chapters and presented significant papers at technical conferences. He has also chaired many conferences as a session chair and conducted various workshops and is also a ICSI-CNSS Certified Network Security Specialist. He is an active member on boards of studies in various universities and institutes in India.
Dac-Nhuong Le, PhD, is an associate professor and associate dean at Haiphong University, Vietnam. He earned his MSc and PhD in computer science from Vietnam National University, and he has over 20 years of teaching experience. He has over 50 publications in reputed international conferences, journals and online book chapter contributions and has chaired numerous international conferences. He has served on numerous editorial boards for scientific and technical journals and has authored or edited over 15 books by various publishers, including Scrivener Publishing.