ICDF2C, KDFS 2015 Call for Papers

Please note: all submissions and presentations must be in English.
The International Conference on Digital Forensics and Cyber Crime (ICDF2C) is an annual international academic conference that aims to advance digital forensics and cybercrime investigation and to promote exchange among leading researchers, practitioners and educators worldwide. Continuing ICDF2C's tradition of international cooperation, this year's ICDF2C will be held jointly with the annual conference of the Korean Digital Forensics Society (KDFS).
ICDF2C 2015 is scheduled for 6-8 October 2015 in Seoul, Korea. ICDF2C offers several forms of participation, including completed research papers, work-in-progress papers, panel discussions and practitioner presentations. Submitted research papers go through a double-blind peer review process, and accepted papers will be published by Springer-Verlag. Selected best papers will be published in the SCI-indexed journal Digital Investigation.
Special Focus
This year's ICDF2C will be organized around the following two central themes, and we look forward to submissions related to them:
  • The use, implications and investigation of the dark web
  • Case studies and investigation methods related to cryptocurrency
With the arrival of the Internet, criminals can more easily commit crimes anonymously. As global communications and network infrastructure become more complex, investigating cybercrime becomes increasingly difficult. Evidence of wrongdoing is usually buried in large volumes of data, so detecting criminal activity and collecting evidence urgently requires filtering out large amounts of irrelevant data. Digital forensics and cybercrime investigation have become a very important part of law enforcement, national security and information protection. They are closely related to many fields, including law, computer technology, finance, information and communications, data analysis and policing. ICDF2C is an innovative collaborative platform that brings together practitioners and researchers from these fields, promotes academic exchange among participants, and can create new business opportunities.
The main topics of this conference are as follows.
  • Anti-forensics and anti-anti-forensics
  • Big data and digital forensics
  • Commercial applications of digital forensic technology
  • Civil litigation support
  • Cloud forensics
  • Cybercrime investigation
  • Cybercrime psychology and profiling
  • Cyber culture and cyber terrorism
  • Data hiding and steganography
  • Digital forensic science
  • Digital forensic tool testing and validation
  • Digital forensic trends
  • Digital forensics and the law
  • Error rates in digital forensics
  • New algorithms for digital forensics
  • Digital forensic processes and procedures
  • Digital forensic standardization and accreditation
  • Digital forensic triage
  • Electronic discovery (e-discovery)
  • Hacking
  • Incident (intrusion) response
  • Information warfare and critical infrastructure protection
  • Law enforcement and digital forensics
  • Machine learning and digital forensics
  • Malware and botnets
  • Mobile and handheld device forensics and multimedia forensics
  • Money laundering
  • Network forensics
  • New chip-off techniques
  • New approaches to digital forensics training programs
  • Online fraud
  • Programming languages and digital forensics
  • SCADA forensics
  • Online child sexual abuse
  • Software and media piracy
  • Theoretical foundations of digital forensics
  • Traditional criminology adapted to digital forensics
  • Philosophical interpretations of cybercrime and digital forensics
Research Papers
We solicit original research papers that have not been published previously; papers currently under review at another conference, journal or other venue are excluded. We look forward to receiving papers related to the topics listed above, but papers from other areas are also welcome for review. If you have any questions, please contact the conference chair.
Other Forms of Participation
This conference includes completed research papers, work-in-progress papers, panel discussions, roundtable discussions, practitioner presentations and other programs. The requirements for each are given below.
  • Completed research papers: up to 10 pages (including front matter, figures, tables and references)
  • Work-in-progress papers: up to 6 pages (including front matter, figures, tables and references)
  • Practitioner presentations: a description of up to 1000 words covering the full content of the talk (vendor neutral).
  • Roundtable discussions: a summary of the discussion topic, up to 1000 words.
  • Panel discussions: a description of up to 1000 words, plus a list of the proposed participants (panellists).
  • Tutorial proposals: a description of the tutorial topic, presenter, length and intended audience, plus the proposer's CV, up to 1000 words.
Submission Guidelines

FIDO Alliance Password-less Authentication Spec.

[Edited 2015-02-02]
Last month, the FIDO Alliance released specifications that attempt to remove passwords from authentication. A few years ago, Google was already “declaring war on passwords”, even publishing an interesting article in IEEE Security and Privacy: Authentication at Scale. While some improvements have been made, like Google Authenticator for 2-factor authentication, it does not appear to be widely implemented.
The FIDO Alliance, however, is looking to change that with their Universal Authentication Framework (UAF) and Universal Second Factor (U2F) standards.

[Image: UAF and U2F process graphic from the FIDO Alliance]

Apparently a device with the UAF stack accepts either biometric input or a PIN code to authenticate to UAF. UAF itself apparently keeps the user’s private key for associated websites. This key is used to send a login response when challenged.

> A site or browser prepared to accept FIDO authentication can/will offer a user the option if a FIDO device is present. The first time a device is identified, a user will be offered the option to register their FIDO authenticator and use it. Subsequently, the registered device is automatically detected at the site and the user is presented with options for authentication, until/unless the user opts in or out. Please note that FIDO authentication is entirely device-centric. The authentication exchange occurs only between the FIDO device and the authenticating FIDO server, and the exchange is only in crypto.[1]

U2F is not much different. It appears to be a USB or similar device much like PAM USB. Because the authentication is device-centric, backup pass codes to unlock the device are not interesting to an attacker (unless they can get local access).

> Though a U2F device may store a password (really, it can be a 4-digit PIN) as a fallback for a user to unlock their own device locally (to effect changes, for example), this application can use a very simple, fixed password or code. In this way, the U2F PIN is not at all like OTP. The PIN available to a U2F user never needs to change, because it never does anything but allow a user to unlock the device locally. The PIN is only relevant to the FIDO device, so there is never the need to share to a server or a network, such as OTP must do. It has no value to a hacker, because it is meaningless to the server.[1]

While this system may help with support for better authentication, of course there will have to be a ‘fall back’ method. Right now this comes in the form of backup one-time passwords, which criminals have proven are easily stolen. Overall, this system appears to still be vulnerable to downgrade attacks (not every system will support this standard), and ultimately to user error, but it does make things more difficult for mass attacks while still (potentially) being relatively easy for the end user.

Rightly, the FIDO Alliance answers the question “What makes FIDO different?” The answer being that they are providing an online crypto / authentication framework. Luckily, the FIDO Alliance has some big names that should be able to support large-scale standards like this for a long time. If not, basic passwords are better than security systems that can’t be updated.

----------

[1] Clarification provided by Suzanne Matick


[CFP] DFRWS US 2015

Just a quick reminder that the DFRWS US 2015 is coming up soon!

From DFRWS.org:
DFRWS 2015 will be held on August 9-13, 2015 at the Hyatt Regency Philadelphia at Penn’s Landing, Philadelphia, PA USA

Important Dates

  • Paper and panel submission deadline: February 9, 2015 (any time zone).
  • Paper author notification: April 1, 2015
  • Final paper draft and presenter registration(*): April 30, 2015
  • Presentation and poster abstract submission deadline: April 17, 2015 (any time zone)
  • Presentation notification: May 1, 2015
  • Conference dates: August 9-13, 2015

Topics of Interest

  • Memory analysis and snapshot acquisition
  • Storage forensics, including file system and Flash
  • “Big data” approaches to forensics, including collection, data mining, and large scale visualization
  • Incident response and live analysis
  • Virtualized environment forensics, with specific attention to the cloud and virtual machine introspection
  • Malware and targeted attacks: analysis, attribution
  • Network and distributed system forensics
  • Event reconstruction methods and tools
  • Mobile and embedded device forensics
  • Digital evidence storage and preservation
  • Data recovery and reconstruction
  • Multimedia analysis
  • Database forensics
  • Tool testing and development
  • Digital evidence and the law
  • Case studies and trend reports
  • Data hiding and discovery
  • Anti-forensics and anti-anti-forensics
  • Interpersonal communications and social network analysis
  • Non-traditional forensic scenarios and approaches (e.g. vehicles, control systems, and SCADA)

The above list is only suggestive. We welcome new, original ideas from people in academia, industry, government, and law enforcement who are interested in sharing their results, knowledge, and experience. Authors are encouraged to demonstrate the applicability of their work to practical issues. Questions about submission topics can be sent via email to: usa-papers (at) dfrws (dot) org


What is your password?

Jimmy Kimmel, a U.S. talk show host, commented on U.S. cyber security after the 2014 Sony attacks. To humorously demonstrate the problem, they employed a bit of social engineering on the streets to see if they could get random users’ passwords. While most people did not directly give their passwords, it was not hard to get them to reveal some personal information. This is one reason why Google wanted to switch to security keyfobs (which does not seem to have taken off). Linux, by the way, has had device-based authentication for a while that can be configured to log into the system, websites, etc. using almost any connect-able device.
Luckily for hackers, fooling a mass of people online is much easier than this.

What can you do? Lifehacker has talked about how to pick a strong password, methods for creating passwords you will remember, and even a list of best password managers. But most of all, just don’t tell people your password.

Photo by BM5K


Cybersecurity Tips for Business Travelers

I recently received an email from someone claiming to be from CNN, wanting to do a segment on cyber security for business travelers. They asked for some bullet points that tech-savvy travelers may be able to follow to protect themselves. I threw together some points that are common crime trends, or that I normally think about when travelling.

I am assuming the main concern is some type of hacking or data theft. I’m assuming some technical capability in my (general) recommendations below, and skipping some obvious pointers.

  • Coordinate an OFFLINE authentication system with your secretary or work, and use this authentication token any time you are talking about money transfers or bank details. This is a common threat now: hackers know when you travel and use the confusion to defraud the company.
  • The company should be running a VPN that works over port 443 and/or port 80.
  • Attempt to understand common cyber threats (and their cause) in the country. Are you vulnerable to local attacks?
  • Attempt to use systems that are NOT commonly used in the destination country. Target systems in Korea: Windows, IE, Android. Avoid these and your chances of being compromised are much lower. (A Linux Live CD/USB is easy to use.)
  • Do you need to bring all of your work data with you? Can you copy only the required documents to the system that you bring with you (threat minimization)? Wipe the systems when you come back home.
  • Same as above for phones / mobile devices.
  • For business systems, including phones, use full drive encryption and remote wipe capabilities (don’t mess with location tracking services).
  • Use a procedure for backing up all your data that always requires two-factor authentication, with no remembered logins (if ‘cloud-based’).
  • Be aware of how locals use credit cards. If they don’t trust using cards in their country/city, you probably shouldn’t either. In countries where point of sale (POS) attacks are trending, use cash.
  • If possible (and trustworthy) it may be better to use a local anti-virus while you are in the country.
  • Try to avoid accessing sensitive information over the internet. If not using a VPN, prefer mobile broadband. If all else fails, at least make sure a local wireless connection is using encryption.
  • Manually set your DNS to a trusted server.

These are some of the things I am thinking about on business trips abroad.

Cyber security abroad is really about common sense, and should not be that much different than cyber security at home. Try not to put sensitive information in risky situations, and if you have to, at least try to protect it (trusted VPNs, etc).

Photo by Yuri Samoiliv


Online Child Exploitation Awareness Project

With the KITRI Best of the Best Information security program, we have been developing tools for Law Enforcement to use in the automatic detection of Child Exploitation Material (images). The new code and classifiers will be merged into the imageClassification github repository in the next few days, and you will be able to download and use it for free (FOSS). We also have an Autopsy 3 python module available here. If you use any of them, please let us know how you got on.

However, during the project we realized we were focusing on helping Law Enforcement, who already have a pretty good idea of what online child exploitation is. We decided to start working with the Korean public to raise awareness about online child exploitation.

The project team (Outc4se) created a presentation about Online Child Exploitation, which was presented at a Seoul Tech Society event, Korea University, the Korean National Police University, and others. The overall reaction from the public (in my opinion) was a sullen interest. Some people wanted to ignore the problem, some people had questions. At the end of the presentation the group demonstrated their image classification project, and tried to give tips about what the public can do to protect themselves and their children and help combat online child exploitation.

Seeing that the general public had little awareness of the problem of child exploitation in general, the group set up a blog (http://bob-safekids.blogspot.kr/) with some basic information about child exploitation, and associated research. We hope to keep adding information that the public can use to understand such a common and dangerous issue.
