Digital Forensics Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #1 Introduction to Data and Applications Security and Digital Forensics August 20, 2007
Outline l Data and Applications Security - Developments and Directions l Some Emerging Technologies - Digital watermarking, Biometrics, Digital Forensics, - - -
Developments in Data and Applications Security: Present l Access Control for Systems R and Ingres (mid 1970s) l Multilevel secure database systems (1980 – present) - Relational database systems: research prototypes and products; Distributed database systems: research prototypes and some operational systems; Object data systems; Inference problem and deductive database system; Transactions l Recent developments in Secure Data Management (1996 – Present) - Secure data warehousing, Role-based access control (RBAC); E- commerce; XML security and Secure Semantic Web; Data mining for intrusion detection and national security; Privacy; Dependable data management; Secure knowledge management and collaboration; emerging technologies such as biometrics and digital forensics
Developments in Data and Applications Security: Multilevel Secure Databases - I l Air Force Summer Study in 1982 l Early systems based on Integrity Lock approach l Systems in the mid to late 1980s, early 90s - E.g., Seaview by SRI, Lock Data Views by Honeywell, ASD and ASD Views by TRW - Prototypes and commercial products - Trusted Database Interpretation and Evaluation of Commercial Products l Secure Distributed Databases (late 80s to mid 90s) - Architectures; Algorithms and Prototype for distributed query processing; Simulation of distributed transaction management and concurrency control algorithms; Secure federated data management
Developments in Data and Applications Security: Multilevel Secure Databases - II l Inference Problem (mid 80s to mid 90s) - Unsolvability of the inference problem; Security constraint processing during query, update and database design operations; Semantic models and conceptual structures l Secure Object Databases and Systems (late 80s to mid 90s) - Secure object models; Distributed object systems security; Object modeling for designing secure applications; Secure multimedia data management l Secure Transactions (1990s) - Single Level/ Multilevel Transactions; Secure recovery and commit protocols
Some Directions and Challenges for Data and Applications Security - I l Secure semantic web - Security models l Secure Information Integration - How do you securely integrate numerous and heterogeneous data sources on the web and otherwise l Secure Sensor Information Management - Fusing and managing data/information from distributed and autonomous sensors l Secure Dependable Information Management - Integrating Security, Real-time Processing and Fault Tolerance l Data Sharing vs. Privacy - Federated database architectures?
Some Directions and Challenges for Data and Applications Security - II l Data mining and knowledge discovery for intrusion detection - Need realistic models; real-time data mining l Secure knowledge management - Protect the assets and intellectual rights of an organization l Information assurance, Infrastructure protection, Access Control - Insider cyber-threat analysis, Protecting national databases, Role-based access control for emerging applications l Security for emerging applications - Geospatial, Biomedical, E-Commerce, etc. l Other Directions - Trust and Economics, Trust Management/Negotiation, Secure Peer-to-peer computing, Emerging technologies such as digital forensics
Emerging Technologies in Data and Applications Security l Digital Identity Management l Identity Theft Management l Digital Watermarking l Risk Analysis l Economic Analysis l Secure Electronic Voting Machines l Biometrics l Digital Forensics
Digital Identity Management l Digital identity is the identity that a user has to access an electronic resource l A person could have multiple identities - A physician could have an identity to access medical resources and another to access his bank accounts l Digital identity management is about managing the multiple identities - Manage databases that store and retrieve identities - Resolve conflicts and heterogeneity - Make associations - Provide security l Ontology management for identity management is an emerging research area
Digital Identity Management - II l Federated Identity Management - Corporations work with each other across organizational boundaries with the concept of federated identity - Each corporation has its own identity and may belong to multiple federations - Individual identity management within an organization and federated identity management across organizations l Technologies for identity management - Database management, data mining, ontology management, federated computing
Identity Theft Management l Need for secure identity management - Ease the burden of managing numerous identities - Prevent misuse of identity: preventing identity theft l Identity theft is stealing another person’s digital identity l Techniques for preventing identity thefts include - Access control, Encryption, Digital Signatures - A merchant encrypts the data and signs with the public key of the recipient - Recipient decrypts with his private key
Steganography and Digital Watermarking l Steganography is about hiding information within other information - E.g., hidden information is the message that terrorist may be sending to their pees in different parts of the worlds - Information may be hidden in valid texts, images, films etc. - Difficult to be detected by the unsuspecting human l Steganalysis is about developing techniques that can analyze text, images, video and detect hidden messages - May use data mining techniques to detect hidden patters l Steganograophy makes the task of the Cyber crime expert difficult as he/she ahs to analyze for hidden information - Communication protocols are being developed
Steganography and Digital Watermarking - II l Digital water marking is about inserting information without being detected for valid purposes - It has applications in copyright protection - A manufacturer may use digital watermarking to copyright a particular music or video without being noticed - When music is copies and copyright is violated, one can detect two the real owner is by examining the copyright embedded in the music or video
Risk Analysis l Analyzing risks - Before installing a secure system or a network one needs to conduct a risk analysis study - What are the threats? What are the risks? l Various types of risk analysis methods - Quantitative approach: Events are ranked in the order of risks and decisions are made based on then risks Qualitative approach: estimates are used for risks
Economics Analysis l Security vs Cost - If risks are high and damage is significant then it may be worth the cost of incorporating security - If risks and damage are not high, then security may be an additional cost burden l Economists and technologists need to work together - Develop cost models - Cost vs. Risk/Threat study
Secure Electronic Voting Machines l We are slowly migrating to electronic voting machines l Current electronic machines have many security vulnerabilities l A person can log into the system multiple times from different parts of the country and cast his/her vote l Insufficient techniques for ensuring that a person can vote only once l The systems may be attacked and compromised l Solutions are being developed l Johns Hopkins University is one of the leaders in the field of secure electronic voting machines
Biometrics l Early Identication and Authentication (I&A) systems, were based on passwords l Recently physical characteristics of a person are being sued for identification - Fingerprinting - Facial features - Iris scans - Blood circulation - Facial expressions l Biometrics techniques will provide access not only to computers but also to building and homes l Other Applications
Digital Forensics l Digital forensics is about the investigation of crime including using digital/computer methods l More formally: “Digital forensics, also known as computer forensics, involved the preservation, identification, extraction, and documentation of computer evidence stored as data or magnetically encoded information”, by John Vacca l Digital evidence may be used to analyze cyber crime (e.g. Worms and virus), physical crime (e.g., homicide) or crime committed through the use of computers (e.g., child pornography)
Digital Forensics - II l The steps include the following: - When a crime occurs, law enforcement officials gather every piece of evidence including information from the crime scene as well as from the computers - The evidence gathered is analyzed - Techniques include l Intrusion detection l Data Mining l Analyzing log files l Analyze messages l Lawyers, Psychologists, Sociologists, Crime investigators and Technologists have to work together l International Journal of Digital Evidence is a useful source
Information Sharing between Trustworthy, Semi- trustworthy and Untrustworthy Partners Export Data/Policy Component Data/Policy for Agency A Data/Policy for Federation Export Data/Policy Component Data/Policy for Agency C Component Data/Policy for Agency B Export Data/Policy