Narasimha Shashidhar scite author profile

Hossain

2012

Phishing causes billions of dollars in damage every year and poses a serious threat to the Internet economy. Email is still the most commonly used medium to launch phishing attacks [1]. In this paper, we present a comprehensive natural language based scheme to detect phishing emails using features that are invariant and fundamentally characterize phishing. Our scheme utilizes all the information present in an email, namely, the header, the links and the text in the body. Although it is obvious that a phishing email is designed to elicit an action from the intended victim, none of the existing detection schemes use this fact to identify phishing emails. Our detection protocol is designed specifically to distinguish between "actionable" and "informational" emails. To this end, we incorporate natural language techniques in phishing detection. We also utilize contextual information, when available, to detect phishing: we study the problem of phishing detection within the contextual confines of the user's email box and demonstrate that context plays an important role in detection. To the best of our knowledge, this is the first scheme that utilizes natural language techniques and contextual information to detect phishing. We show that our scheme outperforms existing phishing detection schemes. Finally, our protocol detects phishing at the email level rather than detecting masqueraded websites. This is crucial to prevent the victim from clicking any harmful links in the email. Our implementation called PhishNet-NLP, operates between a user's mail transfer agent (MTA) and mail user agent (MUA) and processes each arriving email for phishing attacks even before reaching the inbox.

Do Private and Portable Web Browsers Leave Incriminating Evidence? A Forensic Analysis of Residual Artifacts from Private and Portable Web Browsing Sessions

Ohana

2013

The Internet is an essential tool for everyday tasks. Aside from common usage, users desire the option to browse the Internet in a private manner. This can create a problem when private Internet sessions become hidden from computer investigators in need of evidence. Our primary focus in this research is to discover residual artifacts from private and portable browsing sessions. In addition, the artifacts must contain more than just file fragments and enough to establish an affirmative link between user and session. Certain aspects of this topic have triggered many questions, but there have not been enough authoritative answers to follow. As a result, we propose a new methodology for analyzing private and portable web browsing artifacts. Furthermore, our research will serve to be a significant resource for law enforcement, computer forensic investigators, and the digital forensics research community.

Tampering with Special Purpose Trusted Computing Devices: A Case Study in Optical Scan E-Voting

Kiayias

Michel

Russell

et al. 2007

Special purpose trusted computing devices are currently being deployed to offer many services for which the general purpose computing paradigm is unsuitable. The nature of the services offered by many of these devices demand high security and reliability, as well as low cost and low power consumption. Electronic Voting machines is a canonical example of this phenomenon. With electronic voting machines currently being used in much of the United States and several other countries, there is a strong need for thorough security evaluation of these devices and the procedures in place for their use. In this work, we first put forth a general framework for special purpose trusted computing devices. We then focus on Optical Scan (OS) electronic voting technology as a specific instance of this framework. OS terminals are a popular e-voting technology with the decided advantage of a user-verified paper trail: the ballot sheets themselves. Still election results are based on machinegenerated totals as well as machine-generated audit reports to validate the voting process.In this paper we present a security assessment of the Diebold AccuVote Optical Scan voting terminal (AV-OS), a popular OS terminal currently in wide deployment anticipating the 2008 Presidential elections. The assessment is developed using exclusively reverse-engineering, without any technical specifications provided by the machine suppliers. We demonstrate a number of security issues that relate to the machine's proprietary language, called AccuBasic, that is used for reporting election results. While this language is thought to be benign, especially given that it is essentially sandboxed by the firmware to have only read access, we demonstrate that it is powerful enough to (i) strengthen known attacks against the AV-OS so that they become undetectable prior to elections (and thus significantly increasing their magnitude) or, (ii) to conditionally bias the election results to reach a desired outcome. Given the discovered vulnerabilities and attacks we proceed to discuss how random audits can be used to validate with high confidence that a procedure carried out by special purpose devices such as the AV-OS has not been manipulated. We end with a set of recommendations for the design and safe-use of OS voting systems.

Scalable Secure MJPEG Video Streaming

Chen

Liu

2012

In today's world, more and more applications are developed for mobile devices and ever-increasing amount of communication happens over mobile devices and mobile networks. Though providing mobility and convenience, mobile devices generally do not offer intensive computations like their wired counterparts. In this paper we propose a set of methods that aims to protect video, specifically Motion JPEG (MJPEG) video streams, using selective data encryption. More precisely, our algorithm selects the most critical pixel information of MJPEG video as the input of encryption to keep itself lightweight while choosing and encrypting additional less-important video information when the environment allows. The proposed method was originated from the fact that JPEG images are encoded using prioritized pixel information. Experiment results show that the proposed algorithm performs well in terms of frame rate and CPU load at playback.

Do private and portable web browsers leave incriminating evidence?: a forensic analysis of residual artifacts from private and portable web browsing sessions

Ohana

EURASIP J. on Info. Security

2013

The Internet is an essential tool for everyday tasks. Aside from common use, the option to browse the Internet privately is a desirable attribute. However, this can create a problem when private Internet sessions become hidden from computer forensic investigators in need of evidence. Our primary focus in this research is to discover residual artifacts from private and portable web browsing sessions. In addition, the artifacts must contain more than just file fragments and enough to establish an affirmative link between user and session. Certain aspects of this topic have triggered many questions, but there have never been enough authoritative answers to follow. As a result, we propose a new methodology for analyzing private and portable web browsing artifacts. Our research will serve to be a significant resource for law enforcement, computer forensic investigators, and the digital forensics research community.