oalib

Publish in OALib Journal

ISSN: 2333-9721

APC: Only $99

Submit

Any time

2019 ( 49 )

2018 ( 67 )

2017 ( 86 )

2016 ( 82 )

Custom range...

Search Results: 1 - 10 of 23900 matches for " Kim-Kwang Raymond Choo "
All listed articles are free for downloading (OA Articles)
Page 1 /23900
Display every page Item
On the Security of Lee, Kim, Kim, & Oh Key Agreement Protocol
Kim-Kwang Raymond Choo
International Journal of Network Security , 2006,
Abstract: In ICCSA 2005, Lee, Kim, Kim, & Oh proposed a new (two-party) ID-based key agreement protocol, which they claimed to provide known key security resilience, forward secrecy, key compromise resilience, unknown key share resilience, and key control, however, without providing any security proofs. In this work, we demonstrate that their claims of known key security resilience and key control are flawed by revealing previously unpublished flaw in the two-party ID-based key agreement protocol. We may speculate that such (trivial) errors could have been found by protocol designers if proofs of security were to be constructed, and hope this work will encourage future protocol designers to provide proofs of security. We conclude with a countermeasure due to Choo, Boyd, & Hitchcock (2005).
Refuting the Security Claims of Mathuria and Jain (2005) Key Agreement Protocols
Kim-Kwang Raymond Choo
International Journal of Network Security , 2008,
Abstract: Despite the importance of proofs in assuring protocol implementers about the security properties of key establishment protocols, many protocol designers fail to provide any proof of security. Flaws detected long after the publication and/or implementation of protocols will erode the credibility of key establishment protocols. We examine the class of key agreement protocols (without proofs of security) due to Mathuria and Jain (2005). Using these protocols as case studies, we demonstrate previously unpublished flaws in these protocols. We may speculate that such errors could have been found by protocol designers if proofs of security were to be constructed, and hope this work will encourage future protocol designers to provide proofs of security.
Revisiting Lee, Kim, & Yoo Authenticated Key Agreement Protocol
Kim-Kwang Raymond Choo
International Journal of Network Security , 2006,
Abstract: In recent issue of Journal of Applied Mathematics and Computation (2005), Lee, Kim, & Yoo revealed an attack on Hsu, Wu, & Wu (2003) authenticated key agreement protocol, and then presented an improved protocol. However, Lee, Kim, & Yoo (2005) present only heuristic argument with no formal proof of security. In this work, we revealed previously unpublished flaw in the protocol. We may speculate that such errors could have been found by protocol designers if proofs of security were to be constructed, and hope this work will encourage future protocol designers to provide proofs of security. We conclude with a countermeasure due to Choo, Boyd, & Hitchcock (2005).
Revisit of McCullagh-Barreto Two-party ID-based Authenticated Key Agreement Protocols
Kim-Kwang Raymond Choo
International Journal of Network Security , 2005,
Abstract: We revisit the two-party identity-based authenticated key agreement protocol (2P-IDAKA) and its variant resistant to key-compromise impersonation due to McCullagh & Barreto (2005). Protocol 2P-IDAKA carries a proof of security in the Bellare & Rogaway (1993) model. In this paper, we demonstrated why both the protocol and its variant are not secure if the adversary is allowed to send a Reveal query to reveal non-partner players who had accepted the same session key (i.e., termed key-replicating attack} in recent work of Krawczyk (2005)). We also demonstrate that both protocols do not achieve the key integrity property, first discussed by Janson & Tsudik (1995).
A Forensically Sound Adversary Model for Mobile Devices
Quang Do,Ben Martini,Kim-Kwang Raymond Choo
Computer Science , 2015, DOI: 10.1371/journal.pone.0138449
Abstract: In this paper, we propose an adversary model to facilitate forensic investigations of mobile devices (e.g. Android, iOS and Windows smartphones) that can be readily adapted to the latest mobile device technologies. This is essential given the ongoing and rapidly changing nature of mobile device technologies. An integral principle and significant constraint upon forensic practitioners is that of forensic soundness. Our adversary model specifically considers and integrates the constraints of forensic soundness on the adversary, in our case, a forensic practitioner. One construction of the adversary model is an evidence collection and analysis methodology for Android devices. Using the methodology with six popular cloud apps, we were successful in extracting various information of forensic interest in both the external and internal storage of the mobile device.
Forensic Taxonomy of Popular Android mHealth Apps
Abdullah Azfar,Kim-Kwang Raymond Choo,Lin Liu
Computer Science , 2015,
Abstract: Mobile health applications (or mHealth apps, as they are commonly known) are increasingly popular with both individual end users and user groups such as physicians. Due to their ability to access, store and transmit personally identifiable and sensitive information (e.g. geolocation information and personal details), they are potentially an important source of evidentiary materials in digital investigations. In this paper, we examine 40 popular Android mHealth apps. Based on our findings, we propose a taxonomy incorporating artefacts of forensic interest to facilitate the timely collection and analysis of evidentiary materials from mobile devices involving the use of such apps. Artefacts of forensic interest recovered include user details and email addresses, chronology of user locations and food habits. We are also able to recover user credentials (e.g. user password and four-digit app login PIN number), locate user profile pictures and identify timestamp associated with the location of a user.
Factors Influencing the Adoption of Cloud Incident Handling Strategy: A Preliminary Study in Malaysia
Nurul Hidayah Ab Rahman,Kim-Kwang Raymond Choo
Computer Science , 2015,
Abstract: This study seeks to understand the factors influencing the adoption of an incident handling strategy by organisational cloud service users. We propose a conceptual model that draws upon the Situation Awareness (SA) model and Protection Motivation Theory (PMT) to guide this research. 40 organisational cloud service users in Malaysia were surveyed. We also conduct face-to-face interviews with participants from four of the organisations. Findings from the study indicate that four PMT factors (Perceived Vulnerability, Self-Efficacy, Response Efficacy, and Perceived Severity) have a significantly influence on the adoption of cloud incident handling strategy within the organisations. We, therefore, suggest a successful adoption cloud incident handling strategy by organisational cloud service users involves the nexus between these four PMT factors. We also outline future research required to validate the model.
Privacy Risks in Mobile Dating Apps
Jody Farnden,Ben Martini,Kim-Kwang Raymond Choo
Computer Science , 2015,
Abstract: Dating apps for mobile devices, one popular GeoSocial app category, are growing increasingly popular. These apps encourage the sharing of more personal information than conventional social media apps, including continuous location data. However, recent high profile incidents have highlighted the privacy risks inherent in using these apps. In this paper, we present a case study utilizing forensic techniques on nine popular proximity-based dating apps in order to determine the types of data that can be recovered from user devices. We recover a number of data types from these apps that raise concerns about user privacy. For example, we determine that chat messages could be recovered in at least half of the apps examined and, in some cases, the details of any users that had been discovered nearby could also be extracted.
Conceptual evidence collection and analysis methodology for Android devices
Ben Martini,Quang Do,Kim-Kwang Raymond Choo
Computer Science , 2015, DOI: 10.1016/B978-0-12-801595-7.00014-8
Abstract: Android devices continue to grow in popularity and capability meaning the need for a forensically sound evidence collection methodology for these devices also increases. This chapter proposes a methodology for evidence collection and analysis for Android devices that is, as far as practical, device agnostic. Android devices may contain a significant amount of evidential data that could be essential to a forensic practitioner in their investigations. However, the retrieval of this data requires that the practitioner understand and utilize techniques to analyze information collected from the device. The major contribution of this research is an in-depth evidence collection and analysis methodology for forensic practitioners.
Mobile Cloud Forensics: An Analysis of Seven Popular Android Apps
Ben Martini,Quang Do,Kim-Kwang Raymond Choo
Computer Science , 2015, DOI: 10.1016/B978-0-12-801595-7.00015-X
Abstract: Using the evidence collection and analysis methodology for Android devices proposed by Martini, Do and Choo, we examined and analyzed seven popular Android cloud-based apps. Firstly, we analyzed each app in order to see what information could be obtained from their private app storage and SD card directories. We collated the information and used it to aid our investigation of each app database files and AccountManager data. To complete our understanding of the forensic artefacts stored by apps we analyzed, we performed further analysis on the apps to determine if the user authentication credentials could be collected for each app based on the information gained in the initial analysis stages. The contributions of this research include a detailed description of artefacts, which are of general forensic interest, for each app analyzed.
Page 1 /23900
Display every page Item


Home
Copyright © 2008-2017 Open Access Library. All rights reserved.