http://hdl.handle.net/10204/3216 2013-05-24T23:54:21Z http://hdl.handle.net/10204/6696 Title: An advanced mutual-authentication algorithm using 3DES for smart card systems Authors: Tsague, HD; Nelwamondo, F; Msimang, N Abstract: One of the most commonly used two-factor user authentication mechanisms nowadays is based on smart card and personal identity number or password. A scheme of this type is usually known as, a smart card based password authentication. The core feature of such a scheme is to enforce two-factor authentication in the sense that, the client must have the smart card and know the card PIN number in order to gain access to the server. In this paper, we propose and advanced remote mutual authentication scheme between a smart card, a smart card reader and the backend server database to ensure system security integrity. Our scheme provides high security and mutual authentication at a reasonable computational cost. Furthermore, it restricts most of the current attack mechanisms. It is simple and can be adapted to any kind of lightweight devices. Description: 2nd International Conference on Cloud and Green Computing (CGC 2012), Xiangtan, Hunan, China, 1-3 November 2012. To be published in IEEE Xpolre. 2012-11-01T00:00:00Z http://hdl.handle.net/10204/6654 Title: A forensic readiness model for Wireless Local Area Networks Authors: Ngobeni, S; Venter, H; Burke, I Abstract: Over the past decade, wireless mobile communications technology based on IEEE 802.11 wireless local area networks (WLANs) has been adopted worldwide on a massive scale. However, as the number of wireless users has soared, so has the possibility of cyber crime, where criminals deliberately and actively break into WLANs with the intent to cause harm or access sensitive information. WLAN digital forensics is seen not only as a response to cyber crime in wireless environments, but also as a means to stem the increase of cyber crime in WLANs. The challenge in WLAN digital forensics is to intercept and preserve all the communications generated by the mobile devices and conduct a proper digital forensic investigation. This paper attempts to address this issue by proposing a wireless forensic readiness model designed to help monitor, log and preserve wireless network traffic for digital forensic investigations. A prototype implementation of the wireless forensic readiness model is presented as a proof of concept. Description: Copyright: Springer, Berlin, Heidelberg 2010-01-01T00:00:00Z http://hdl.handle.net/10204/6574 Title: Practical application of open source frameworks to achieve anti-virus avoidance Authors: Swart, I Abstract: A common aim of malware creators is to have the ability to spread their software undetected through various networks until the required goal is completed. In response to this, anti-virus vendors have implemented various strategies to detect viruses as they attempt to execute and propagate from one target to the next. Some of the anti-virus vendors claim to achieve impressive success rates as high as 98.7% that indicates the problem of spreading viruses and malware is well taken care of. Yet, despite the impressive detection rates, a proliferation of open source tools, frameworks and utilities are being introduced that claim to have the ability to avoid anti-virus detection. As an example, the very popular Metasploit framework has several encoders available that can alter the virus signature in such a way that it will avoid the anti-virus engine and allow the malicious code to be executed. This approach has been implemented and simplified in the Social Engineering Toolkit (SET) as part of a menu driven approach that is accessible to people with a relatively low skill level. The SET framework, implemented in Metasploit, is only one such framework and several more specialised open source tools exist, that does not only focus on encoding but on other common anti-virus avoidance techniques such as binary editing, packing and encryption. Open source packages such as UPX compress the data in the selected virus executable to such an extent that it will most likely completely circumvent the anti-virus and similarly so for a program that is encrypted with a common encryption product such as TrueCrypt. Should the anti-virus still detect the offending executable after either packing or encryption a combination of the two applications might yield superior results. The aim of this paper is to experiment on a common executable that is classified as malware e.g. the meterpreter module of Metasploit, and make use of the various open source frameworks and utilities to document the techniques and success rate of anti-virus avoidance. By presenting the results of this research, it will contribute to the understanding of security personnel / researchers on what can be achieved with open source frameworks and how to better protect against the virus threat. Description: 11th European Conference on Information Warfare and Security (ECIW 2012), Laval, France, 5-6 July 2012. Published in Academic conferences. 2012-07-01T00:00:00Z http://hdl.handle.net/10204/6540 Title: Towards a Cyberterrorism Life-Cycle (CLC) Model Authors: Veerasamy, N; Grobler, M; Von Solms, S Abstract: Cyberterrorism has emerged as a new threat in the Information and Communication Technology (ICT) landscape. The ease of use, affordability, remote capabilities and access to critical targets makes cyberterrorism a potential threat to cause wide-scale damage. Cyberterrorism is often incorrectly perceived as encompassing all cybercrimes. However, cyberterrorism differs from cybercrime in various ways including motivation, attack goals, techniques and effects. Motivations for cyberterrorism, which is similar to terrorism in general, stem from religious, social and political views. Cyberterrorists generally would seek to have high impact in order to gain publicity for their cause, whereas cybercriminals often prefer to have their acts undetected in order to hide their financial theft, fraud or espionage. Therefore, there are various factors that drive the development of a cyberterrorist. This paper proposes a model for the development of cyberterrorism in order to show the various influential forces. The Cyberterrorism Life-Cycle (CLC) model presented in this paper is composed of five phases: Prepare, Acquaint, Choose, Execute, and Deter (PACED). In addition the paper looks at various factors, including social, practices, objectives, targets and countermeasures, which are mapped onto the PACED phases in order to show the interaction and dynamic nature during the life-cycle development. Description: Proceedings of the 4th Workshop on ICT Uses in Warfare and the Safeguarding of Peace 2012 (IWSP 2012), Sandton, 16 August 2012 2012-08-01T00:00:00Z