submit Opinions CrossRef Open Access Subscribe New Journal Ideal

Click on image to enlarge

Indexed in Scopus

Journal of Cyber Security and Mobility

Ashutosh Dutta, AT&T, USA
Ruby Lee, Princeton University, USA
Neeli R. Prasad, CTIF-USA, Aalborg University, Denmark
Wojciech Mazurczyk, Warsaw University of Technology, Poland

Associate Editor:
Debdeep Mukhopadhyay, Indian Institute of Technology Kharagpur, India

ISSN: 2245-1439 (Print Version),

ISSN: 2245-4578 (Online Version)
Vol: 5   Issue: 2

Published In:   April 2016

Publication Frequency: Quarterly

Search Availabe Volume and Issue for Journal of Cyber Security and Mobility

Journal Description        Editorial Foreword        Read Full Articles        Editorial Board        Subscription        Indexed       Opinions

Lazarus: Data Leakage with PGP and Resurrection of the Revoked User

doi: 10.13052/jcsm2245-1439.521
Rodrigo Ruiz1 and Rogério Winter2

1CTI Renato Archer, Campinas, Brazil
2Brazilian Army, Campinas, Brazil

Abstract: [+]    |    Download File [ 2743KB ]   |    Read Article Online

Abstract: The cybersecurity is the issue on the international agenda. The abuse of communication and faulty software is a common practice that brings the decade of 70. Invariably technology is the great protagonist of data leakage and loss of privacy. However, issues related to cybersecurity are founded on sociotechnical approach: technology, people, processes and environment, which interact indistinctly in a sensitive relationship. In this intricate sociotechnical environment of cybersecurity, this paper discloses a flaw in Symantec Encryption Desktop (SED), which can allow the leakage of sensitive information from governments, military and research centers around the world. In this context, as an example, the National Aeronautics and Space Administration (NASA) uses the Symantec Pretty Good Privacy (PGP) Encryption Desktop (SED). The Technology is not the main culprit for data leakage. Sometimes, the users are influenced by sophisticated marketing campaigns, which reaffirms the quality of products and services. In practice, this work is focused in the design errors and past vulnerabilities which are still present in recent technolo

Keywords: Data Leakage, Privacy, Data Loss, Drive Encryption, Encryption, PGP, Symantec, NASA.

Challenges of Network Forensic Investigation in Virtual Networks

doi: 10.13052/jcsm2245-1439.522
Daniel Spiekermann1 and Tobias Eggendorfer2

1FernUniversit¨at Hagen, Germany
2Hochschule Ravensburg-Weingarten, Germany

Abstract: [+]    |    Download File [ 392KB ]   |    Read Article Online

Abstract: The evolution of virtualization techniques is changing operating principles in today’s datacenters. Virtualization of servers, networks and storage increases the flexibility and dynamic of the environment by reducing the administrative overhead. Based on a physical underlay network, different logical networks are implemented with new protocols like VXLAN, STT or GENEVE. New paradigms like Software-Defined-Networks or Network Function Virtualization offer new capabilities to redesign the whole network infrastructure. This trend creates new challenges for digital investigations analysing incidents by extracting and interpreting recorded data inside the environment. As a branch of digital investigation, network forensic investigation is used to examine network traffic by capturing the data of a suspicious target system and analysing this data. In this article, we analyse in detail new challenges in investigating virtual networks.We propose a classification in three categories, which might help to develop new methods and possible solutions to simplify further necessary investigations in virtual network environments. The defined challenges are classified according their potential to impede the investigation. Based on this classification we derive a list of basic conditions, describing different necessary requirements to implement a successful, valid and ongoing network forensic investigation in these virtual networks.

Keywords: Virtual networks, network forensic, digital investigation.

SMS-Based Mobile Botnet Detection Framework Using Intelligent Agents

doi: 10.13052/jcsm2245-1439.523
Abdullah J. Alzahrani1 and Ali A. Ghorbani2

1Assistant Professor at The College of Computer Science and Engineering (CCSE), University of Hail (UOH), Saudi Arabia
2Professor and Dean, Director, Canadian Institute for Cybersecurity, Canada Research Chair in Cybersecurity

Abstract: [+]    |    Download File [ 1053KB ]   |    Read Article Online

Abstract: Along with increasing security measures in Android platforms, the amount of Android malware that use remote exploits has grown significantly. Using mobile botnets, attackers concentrate on reliable attack vectors such as SMS messages. Short Message Service (SMS) has been increasingly targeted by a number of malicious applications (“apps”) that have the ability to abuse SMS features in order to send spam, to transfer command and control (C&C) instructions, to distribute malicious applications via URLs embedded in text messages, to send text messages to premium-rate numbers, and to exploit smartphones.

In this paper, we propose an SMS-based botnet detection formwork that uses multi-agent technology based on observations of SMS and Android smartphone features. This formwork has the ability to detect SMS botnets and identify ways to block the attacks in order to prevent damage caused by botnet attacks. We developed an adaptive hybrid model of SMS botnet detectors by using a combination of signature-based and anomaly-based algorithms. These components utilize multi-agent technology to recognize malicious SMS and prevent users from opening these messages that infecting smartphones.This framework includes defence module that employed a more proactive approach that allows us to directly generate signatures and rules that can be used to protect Android smartphones from abuse by SMS botnets. The framework creates a user profile that is used to perform behavioural profiling analysis in order to identity malicious SMS and cut the C&C Channel.

Keywords: SMS, mobile botnet, intrusion detection, Android malware, multi-agent system.

A Hash Key-Based Key Management Mechanism for Cluster-Based Wireless Sensor Network

doi: 10.13052/jcsm2245-1439.524
Sachin D. Babar and Parikshit N. Mahalle

Sinhgad Techincal Education Society, Pune, Maharashtra, India

Abstract: [+]    |    Download File [ 1875KB ]   |    Read Article Online

Abstract: The growth of wireless sensor networks (WSNs) in the last few years, enhances the use, efficiency, and accuracy of a large number of applications such as defense, habitat monitoring, industrial, and many more. The performance of WSNis largely affected by the security, as large numbers of security attack are happening on the WSN. Therefore, it is necessary to have a security solution to use theWSN proficiently. The objective of this paper is to address the security problem of WSN by proposing the key management mechanism to establish the secure link for communication. The paper proposes the cluster-based key management technique based on hash key mechanism. The mechanism considers the key establishment and verification at two levels, one at onehop distance and the other at multi-hop destination. The proposed work is evaluated by considering the varying number of attackers in the network. The mechanism shows reduced packet lost rate and energy consumption as compared with one-hop key management solutions, by making the tradeoff of delay. The results shows the improvement in packet loss rate i.e., without any solution, if attack happens obviously the attack performance reduces with an increase in pack loss rate and after applying the solution, the packet loss rate is reduced.

Keywords: Wireless sensor network (WSNs), security, cluster-based, key management, hash key.

River Publishers: Journal of Cyber Security and Mobility