ISSN (Print): 2376-9602

ISSN (Online): 2376-9629

Editor-in-Chief: Sergii Kavun

Website: http://www.sciepub.com/journal/ISCF

   

Article

Investigation of Artefacts Left by BitTorrent Client in Windows 8 Registry

1Computer Department, Kaunas University of Technology, Kaunas, Lithuania


Information Security and Computer Fraud. 2015, 3(2), 25-31
doi: 10.12691/iscf-3-2-1
Copyright © 2015 Science and Education Publishing

Cite this paper:
Algimantas Venčkauskas, Robertas Damaševičius, Nerijus Jusas, Vacius Jusas, Stasys Maciulevičius, Romas Marcinkevičius, Kęstutis Paulikas, Jevgenijus Toldinas. Investigation of Artefacts Left by BitTorrent Client in Windows 8 Registry. Information Security and Computer Fraud. 2015; 3(2):25-31. doi: 10.12691/iscf-3-2-1.

Correspondence to: Vacius  Jusas, Computer Department, Kaunas University of Technology, Kaunas, Lithuania. Email: vacius.jusas@ktu.lt

Abstract

BitTorrent client application is a popular tool to download large files from Internet, but this application is quite frequently used for illegal purposes that are one of the types of cybercrimes. If order to fight against this type of cybercrime we carried out the research, during which we investigated the evidences left by BitTorrent client application in registry under Windows 8 operating system. The experiment was carried out in three steps: installation, download, and uninstallation. The snapshots of registry were taken and compared prior and after each step. Changes in Windows registry were collected and joined into tables. The experiment revealed that BitTorrent client application creates Windows registry artefacts that can contain information which might be used as evidence during an investigation. The evidence remains in the registry even after the removal of the application, although it can really prove the fact of usage of the application only. The investigation of file system can reveal the purpose and the contents of the BitTorrent client session.

Keywords

References

[1]  Horng, M.-F., Chen, C.-W., Chuang, C.-S. and Lin, C.-Y., “Identification and Analysis of P2P Traffic - An Example of BitTorrent,” in Proceedings of First International Conference on Innovative Computing Information and Control. 266-269. 2006.
 
[2]  Park, S., Chung, H., Lee, C., Lee, S. and Lee, K., “Methodology and Implementation for Tracking the File Sharers using BitTorrent,” Multimedia Tools Appl. 74(1). 271-286. 2015.
 
[3]  Schmidt, A. H., Antunes, R. S., Barcellos, M. P. and Gaspary, L. P., “Characterizing Dissemination of Illegal Copies of Content through Monitoring of BitTorrent Networks,” in: Proceedings of Network Operations and Management Symposium (NOMS), 327-334. 2012.
 
[4]  Liberatore, M., Erdely, R., Kerle, T., Levine, B. N. and Shields, C., “Forensic investigation of peer-to-peer file sharing networks,” Digital Investigation, 7, S95-S103. 2010.
 
[5]  Farina, J., Scanlon, M. and Kechadi, M-T., “BitTorrent Sync: First Impressions and Digital Forensic Implications,” Digital Investigation, 11(S1), S77-S86. May 2014.
 
Show More References
[6]  Scanlon, M., Farina, J. and Kechadi, M-T., “BitTorrent Sync: Network Investigation Methodology,” in Proceedings of Ninth International Conference on Availability, Reliability and Security (ARES 2014), Fribourg, Switzerland, 21-29. September 2014.
 
[7]  Cohen, B., “Incentives Build Robustness in BitTorrent,” in Proceedings of the Workshop on Economics of Peer-to-Peer systems, 6, 68-72. 2003.
 
[8]  Mansilha, R. B., Bays, L. R., Lehmann, M. B., Mezzomo, A., Gaspary, L. P. and Barcellos, M. P., “Observing the BitTorrent Universe through Telescopes,” in Proceedings of International Symposium on Integrated Network Management, 1-8. 2011.
 
[9]  Wang, L. and Kangasharju, J., “Measuring Large-Scale Distributed Systems: Case of BitTorrent Mainline DHT,” in: Proceedings of IEEE Thirteenth International Conference on Peer-to-Peer Computing (P2P), 1-10. 2013.
 
[10]  Adelstein, F. and Joyce, R. A., “File Marshal: Automatic extraction of peer-to-peer data,” Digital Investigation, 4 (S1). S43-S48. 2007.
 
[11]  P2P Marshal. [Online]. Available: http://forensicswiki.org/wiki/P2PMarshal. [Accessed June 29, 2015].
 
[12]  Woodward, A. J. and Valli, C., “Do Current Erasure Programs Remove Evidence of BitTorrent Activity?” in: Proceedings of Conference on Digital Forensics, Security and Law, 147-158. 2007.
 
[13]  Woodward, A., “Do Current BitTorrent Clients running on Windows 7 beta leave behind meaningful data?” in: Proceedings of International Conference on Security and Management, 622-627. 2009.
 
[14]  Lallie, H. S. and Briggs, P. J, “Windows 7 registry forensic evidence created by three popular BitTorrent clients,” Digital Investigation, 7(3-4). 127-134. 2011.
 
[15]  J. Acorn and J. Austin. “Forensic Studies in BitTorrent,” Produced by the Information Security Group at Royal Holloway, University of London in conjunction with TechTarget, 2008. [Online]. Available: http://cdn.ttgtmedia.com/searchSecurityUK/downloads/RH6_Acorn.pdf. [Accessed June 30, 2015].
 
[16]  Sahoo, P.K., Chottray, R. K. and Pattnaiak, S., “Research Issues on Windows Event Log,” International Journal of Computer Applications, 41(19), 23-29. March 2012.
 
Show Less References

Article

An Incoercible E-Voting Scheme Based on Revised Simplified Verifiable Re-encryption Mix-nets

1Graduate School of Engineering, University of Fukui, Japan

2Department of Computer Science and Engineering, Khulna University of Engineering and Technology, Bangladesh


Information Security and Computer Fraud. 2015, 3(2), 32-38
doi: 10.12691/iscf-3-2-2
Copyright © 2015 Science and Education Publishing

Cite this paper:
Shinsuke Tamura, Hazim A. Haddad, Nazmul Islam, Kazi Md. Rokibul Alam. An Incoercible E-Voting Scheme Based on Revised Simplified Verifiable Re-encryption Mix-nets. Information Security and Computer Fraud. 2015; 3(2):32-38. doi: 10.12691/iscf-3-2-2.

Correspondence to: Shinsuke  Tamura, Graduate School of Engineering, University of Fukui, Japan. Email: tamura@u-fukui.ac.jp

Abstract

Simplified verifiable re-encryption mix-net (SVRM) is revised and a scheme for e-voting systems is developed based on it. The developed scheme enables e-voting systems to satisfy all essential requirements of elections. Namely, they satisfy requirements about privacy, verifiability, fairness and robustness. It also successfully protects voters from coercers except cases where the coercers force voters to abstain from elections. In detail, voters can conceal correspondences between them and their votes, anyone can verify the accuracy of election results, and interim election results are concealed from any entity. About incoercibility, provided that erasable-state voting booths which disable voters to memorize complete information exchanged between them and election authorities for constructing votes are available, coercer C cannot know candidates that voters coerced by C had chosen even if the candidates are unique to the voters. In addition, elections can be completed without reelections even when votes were handled illegitimately.

Keywords

References

[1]  Diffie and M. E. Hellman, “New directions in cryptography,” IEEE Trans. On Information Theory, IT-22(6), 644-654, 1976.
 
[2]  D. Boneh and P. Golle, “Almost entirely correct mixing with applications to voting,” ACM Conference on Computer and Communication Security, 68-77, 2002.
 
[3]  P. Golle, S. Zhong, D. Boneh, M. Jakobsson and A. Juels, “Optimistic mixing for exit-polls,” Asiacrypt 2002, 451-465, 2002.
 
[4]  M. Jakobson, A. Juels and R. Rivest, “Making mix nets robust for electronic voting by randomized partial checking,” USENIX Security 02, 339-353, 2002.
 
[5]  L. Nguen, R. Dafavi-Naini and K. Kurosawa, “Verifiable shuffles: A formal model and a Paillier-based efficient construction with provable security,” PKC 2004, 61-75, 2004.
 
Show More References
[6]  B. Lee, C. Boyd, E. Dawson, K. Kim, J. Yang and S. Yoo, “Providing receipt-freeness in mixnet-based voting protocols,” Proceedings of the ICISC ’03, 261-74, 2003.
 
[7]  J. Furukawa, “Efficient, Verifiable shuffle decryption and its requirement of unlinkability,” PKC 2004, 319-332, 2004.
 
[8]  K. Sampigethaya and R. Poovendran, “A framework and taxonomy for comparison of electronic voting schemes,” Elsevier Computers and Security, 25, 137-153, 2006.
 
[9]  S. Weber, “A coercion-resistant cryptographic voting protocol -evaluation and prototype implementation,” Diploma thesis, Darmstadt University of Technology; 2006
 
[10]  P. Y. A. Ryan, D. Bismark, J. Heather, S,Schneider and Z. Xia, “A voter verifiable voting system,” IEEE Trans. On Information Forensics and Security, 4(4), 662-673, 2009.
 
[11]  K. A. Md Rokibul, S. Tamura, S. Taniguchi and T. Yanase, “An anonymous voting scheme based on confirmation numbers,” IEEJ Trans. EIS. 130(11), 2065-2073, 2010.
 
[12]  C. C. Lee, T. Y. Chen, S. C. Lin and M. S. Hwang, “A new proxy electronic voting scheme based on proxy signatures,” Lecture Notes in Electrical Engineering, 164, Part 1 3-12, 2012.
 
[13]  S. Tamura, “Anonymous security systems and applications: requirements and solutions,” Information Science Reference, 2012.
 
[14]  S. Tamura and S. Taniguchi, “Simplified verifiable re-encryption mix-nets,” Information Security and Computer Fraud, 1(1), 1-7, 2013.
 
[15]  S. Tamura and S. Taniguchi, “Enhancement of anonymous tag based credentials,” Information Security and Computer Fraud, 2(1), 10-20, 2014.
 
[16]  S. Tamura, “Elements of schemes for preserving privacies in e-society systems,” Lambert Academic Publishing, 2015.
 
Show Less References

Article

Assessment of E-Voting Risks Using AHP Method for the Omani Government Election

1Faculty of Industrial Management, University Malaysia Pahang, TunRazak Highway, Kuantan, Pahang, Malaysia


Information Security and Computer Fraud. 2016, 4(1), 1-8
doi: 10.12691/iscf-4-1-1
Copyright © 2016 Science and Education Publishing

Cite this paper:
Faisal Al Amry, ChengJack Kie. Assessment of E-Voting Risks Using AHP Method for the Omani Government Election. Information Security and Computer Fraud. 2016; 4(1):1-8. doi: 10.12691/iscf-4-1-1.

Correspondence to: Faisal  Al Amry, Faculty of Industrial Management, University Malaysia Pahang, TunRazak Highway, Kuantan, Pahang, Malaysia. Email: alamryfaisal@gmail.com

Abstract

The purpose of this paper is twofold; to investigate the risks involving with e-voting and to evaluate the risk management of policy of e-voting. In the country of Oman, the Ministry of Interior (MOI) has already implemented an e-voting system making use of the e-Authentication technique, which uses the existing National ID Card to authenticate citizens for voting. This new e-voting system will give solutions that shall allow all citizens to come to election points and get authenticated through their National ID Card before proceeding to the vote. The solution shall be hosted within the current National ID System, taking advantage of the electronic authentication of the cards while enhancing these capabilities with functions specific to the election process, ensuring election rights and introducing vote timestamp storage in the cards. However; review and observation within Ministry of Interior (MOI) of Oman concluded that there is no documented Risk Management Plan that can foresee risks, estimate impacts, and define responses to issues relating with risks involving voting process in the country of Oman. In the context of e-voting systems, risk management is regarded as the characterization of the e- Voting System in Oman; this consists of defining the system for the risk assessment. This is the assessment of system elements, such as hardware, software, system interfaces, data and information, personnel actions, and the mission of the e- Voting system. This is followed by the Identification Threat Sources, Vulnerability Identification, Controls Analysis, Threat Likelihood, performance of impact Analysis and risk level. It is then followed by the Development of Risk Mitigation Strategies and finally the documentation of Results.

Keywords

References

[1]  BusinessDictionary, “Risk Definition.” 2014.
 
[2]  L. Tchankova, “Risk identification–basic stage in risk management,” Environ. Manag. Heal., vol. 13, no. 3, pp. 290-297, 2002.
 
[3]  A. A. Filho, “STATE-CONTINGENT INSURANCE AND RISK MANAGEMENT,” STANFORD UNIVERSITY, 2006.
 
[4]  E. Sayari, M. Yaghoobi, and M. Ghanaatpishe, “Using Fuzzy Delphi Method in Risk Management (Case Study: Implementation of Fuzzy Delphi Method to Identify Credit Risks in Convert Financial and Credit Institutions into the Bank ,” World Appl. Sci. J., vol. 31, no. 5, pp. 759-766, 2014.
 
[5]  R. Nelson, “IT project management: infamous failures, classic mistakes and best practices ,” MIS Q. Exec., vol. 6, no. 2, pp. 67-78, 2007.
 
Show More References
[6]  H. Taylor, E. Artman, and J. P. Woelfer, “Information technology project risk management: bridging the gap between research and practice,” J. Inf. Technol., vol. 27, no. 1, pp. 17-34, 2012.
 
[7]  B. Whittaker, “What went wrong? Unsuccessful information technology projects,” Inf. Manag. Comput. Secur., vol. 7, no. 1, pp. 23-30, 1999.
 
[8]  S. Aminbakhsh, M. Gunduz, and R. Sonmez, “Safety risk assessment using analytic hierarchy process (AHP) during planning and budgeting of construction projects.,” J. Safety Res., vol. 46, pp. 99-105, Sep. 2013.
 
[9]  N. Poolsappasit, “Towards an efficient vulnerability analysis methodology for better security risk management,” Colorado State University, Colorado, 2010.
 
[10]  A. Ghadge, S. Dani, and R. Kalawsky, “Supply chain risk management: present and future scope,” Int. J. Logist. Manag., vol. 23, no. 3, pp. 313-339, 2012.
 
[11]  R. Williams, B. Bertsch, B. Dale, T. Van Der Wiele, J. Van Iwaarden, M. Smith, and R. Visser, “Quality and risk management: what are the key issues?,” TQM Mag., vol. 18, no. 1, pp. 67-86, 2006.
 
[12]  K. T. Yeo, “Strategy for risk management through problem framing in technology acquisition,” Int. J. Proj. Manag., vol. 13, no. 4, pp. 219-224, 1995.
 
[13]  S. Alhawari, L. Karadsheh, A. Nehari Talet, and E. Mansour, “Knowledge-based risk management framework for information technology project,” Int. J. Inf. Manage., vol. 32, no. 1, pp. 50-65, 2012.
 
[14]  D. Gritzalis, Secure electronic voting. Kluwer Academic Publishers Dordrecht, 2003.
 
[15]  P. Haijun, H. Edwin, and A. Nirwan, “RE-NOTE: An E-voting scheme based on ring signature and clash attack protection,” in Global Communications Conference (GLOBECOM), 2013 IEEE, 2103, pp. 867-871.
 
[16]  D. P. Moynihan, “Building Secure Elections: E‐Voting, Security, and Systems Theory,” Public Adm. Rev., vol. 64, no. 5, pp. 515-528, 2004.
 
[17]  Z. Xukai, L. Huian, S. Yan, P. Wei, and L. Feng, “Assurable, transparent, and mutual restraining e-voting involving multiple conflicting parties,” in INFOCOM, 2014 Proceedings IEEE, 2014, pp. 136-144.
 
[18]  L. C. Schaupp and L. Carter, “E-voting: from apathy to adoption,” J. Enterp. Inf. Manag., vol. 18, no. 5, pp. 586-601, 2005.
 
[19]  Verified_Voting.org, “Summary of the Problem with Electronic Voting,” 2014. [Online]. Available: http://www.verifiedvoting.org/wp-content/uploads/downloads/revised_summary31.pdf.
 
[20]  R. Gibson, “Elections online: Assessing Internet voting in light of the Arizona Democratic primary,” Polit. Sci. Q., vol. 116, no. 4, pp. 561-583, 2001.
 
[21]  D. Mac Namara, J. Gibson, and K. Oakley, “Just Like Paper-a baseline for classifying e-voting usability,” Int. Conf. e-Democracy Open Gov., pp. 1-12, 2014.
 
[22]  R. Mercuri, “Electronic Vote Tabulation Checks and Balances,” University of Pennsylvania, , Philadelphia, 2000.
 
[23]  D. Jefferson and A. Rubin, “Analyzing internet voting security,” Commun. theACM, vol. 47, no. 10, p. 59, 2004.
 
[24]  M. Alvarez, T. Hall, and A. Treschsel, “Internet Voting in Estonia,” VTP Working Paper, 2008.
 
[25]  T. Kohno, A. Stubblefield, A. D. Rubin, and D. S. Wallach, “Analysis of an electronic voting system,” in Security and Privacy, 2004. Proceedings. 2004 IEEE Symposium on, 2004, pp. 27-40.
 
[26]  C. A. Neff, “A verifiable secret shuffle and its application to e-voting,” in Proceedings of the 8th ACM conference on Computer and Communications Security, 2001, pp. 116-125.
 
[27]  A. H. Trechsel and F. Mendez, “The European Union and e-voting: addressing the European Parliament’s internet voting challenge,” 2005.
 
[28]  N. Subramanian and R. Ramanathan, “A review of applications of Analytic Hierarchy Process in operations management,” Int. J. Prod. Econ., vol. 138, no. 2, pp. 215-241, Aug. 2012.
 
[29]  A. Samvedi, V. Jain, and F. T. S. Chan, “Quantifying risks in a supply chain through integration of fuzzy AHP and fuzzy TOPSIS,” Int. J. Prod. Res., vol. 51, no. 8, pp. 2433-2442, Apr. 2013.
 
[30]  J. M. Moreno-Jiménez, C. Pérez-Espés, and M. Velázquez, “e-Cognocracy and the design of public policies,” Gov. Inf. Q., vol. 31, no. 1, pp. 185-194, Jan. 2014.
 
[31]  P. Aragonés-Beltrán, F. Chaparro-González, J.-P. Pastor-Ferrando, and A. Pla-Rubio, “An AHP (Analytic Hierarchy Process)/ANP (Analytic Network Process)-based multi-criteria decision approach for the selection of solar-thermal power plant investment projects,” Energy, vol. 66, pp. 222-238, Mar. 2014.
 
[32]  W. Liu, “A Electronic Commerce Risk Evaluation Method Based on AHP and GRA,” in Information Science and Engineering (ICISE), 2009 1st International Conference on, 2009, pp. 2791-2793.
 
[33]  M. Hirt and K. Sako, “Efficient receipt-free voting based on homomorphic encryption,” Adv. Cryptology—EUROCRYPT 2000, 2000.
 
[34]  J. F. Cunha, M. J. Leitão, J. P. Faria, M. P. Monteiro, and M. A. Carravilla, “Auditing e-Voting Pilot Processes and Systems at the Elections for the European Parliament and for the Portuguese Parliament,” in Seconfd Internationl Conference on Electronic Voting, 2006, pp. 145-155.
 
[35]  J. Esteve, “The Certification of E-Voting Mechanisms. Fighting against Opacity.,” Electron. Voting, 2008.
 
Show Less References