Publications (45)

Asmir Butkovic, S. Mrdović, S. Mujacic

As the Internet and electronic mail are used by an ever-increasing number of users, fraudulent and criminal activity via the Internet and email increases as well. The negative effects of cybercrime activities on the use of the Internet for e-business and secure communications have increased interest in studying the factors that motivate these criminals, their tactics and what can be done to mitigate their activities. The research in the area of email analysis usually focuses on two areas, email traffic analysis and email content analysis, but is very poor in the area of visual analytics of emails. The paper presents software for visualizing suspicious email messages based on the information provided in the email header (rather than the content of the email). This IP mapping tool, called MIPA, uses a Google Map to display the geographic position and integrates InfoDB, WhoIS databases, and the Google Maps API. Thus, the proposed work can be helpful for identifying and investigating suspicious email messages and can also assist investigators in getting the information in time to take effective actions to reduce the criminal activities.

D. Omerasevic, N. Behlilovic, S. Mrdović, A. Sarajlic

This paper analyses randomness in various video and audio media file types, such as Joint Photographic Experts Group (JPEG), Waveform Audio File Format (WAV), Flash video (FLV), high-quality, free and open video format for the web (WEBM) and MPEG-1 Audio Layer 3 (MP3). Analysis is done by executing different statistical tests. Statistical tests are usually used for testing both True Random Number Generators (TRNG) and Pseudo-Random Number Generators (PRNG), but we use them in this paper to analyse various media file types instead of the output of TRNGs and PRNGs. The proposed analysis methods are implemented in the C programming language, using one part of ENT (pseudo random number sequence test program) and additional scripts for faster processing. Comparison of randomness is done by comparing different file types and the accompanying results of statistical tests with each other. The results of the comparison are presented.

This paper proposes a cryptographic key establishment method based on a set of images shared by sender and receiver. The method is simple, fast and secure. We call it CryptoStego. Possible key sizes are virtually limitless. The proposed method is implemented in the C programming language. The implementation is compared with the (A)RC4 stream cipher, by comparing CPU time and memory occupation of both algorithms. The results of the comparison are presented. Intel VTune Amplifier XE 2011 was used as the measuring tool.

The fundamental concepts of this work are related to the proxy signature delegation in workflow systems. Many business processes rely on electronic documents. Therefore, organizations must properly protect the contents of an electronic document throughout its entire life cycle. Proxy digital scheme does not provide control over whether the proxy signer is allowed to accept delegation concerning the separation of duties, neither does it treat other possible delegation constraints. With proxy signature it is particularly important to prove whether the delegator is the authorized signer. The delegation of signature is constructed using the advantage of the RBAC model which is widely adopted in the current workflow management systems. This paper defines the controlled proxy signature model based on the role-based access control model. The central idea of this proposed model is that by controlling the delegation of tasks we are controlling the delegation of signature.

VoIP (Voice over Internet) provides delivery of voice information over unsecured IP-based networks like the Internet. VoIP data, signaling and voice, needs to be secured in such an environment. Security mechanisms take their toll on VoIP system performance. SIP is the dominant signaling protocol for VoIP. This paper measures the relative decrease in VoIP performance of a system with secured SIP signaling over one without it. It compares SIP with authentication enabled over three transport protocols: UDP, TCP and TLS. Peak throughput of concurrent calls, registration request delay, session request delay, and SIP server CPU and RAM usage are measured. The testbed environment consists of an Asterisk IP private branch exchange (PBX) as a part of an Elastix server, several SIP user agents and the SIPp traffic generator. Test results show that performance of SIP over TLS based signaling is four times lower than SIP signaling over UDP in most metrics.

Enis Hodzic, S. Mrdović

The IPv4 address space is almost exhausted. Usage of IPv6 addresses by client end hosts is limited due to the small percentage of domain names that have an IPv6 address. This paper presents practical testing at an ISP that gives its users IPv6 addresses and provides them transparent access to both IPv4 and IPv6 Internet locations. The DNS64/NAT64 translation mechanism is used for this purpose. Tests measure resource requirements on the ISP side and effects on client experience. Results show that additional DNS64 processing causes no visible impact on DNS server CPU load. There is a requirement for a NAT64 device at the ISP on the path between IPv6 users and the IPv4 Internet. Test results show that memory requirements for this device are small and achievable with standard hardware devices used by ISPs. The measured increase in RTT from IPv6 clients to the IPv4 Internet is less than 2%. The conclusion is that the DNS64/NAT64 translation system is a viable solution for an ISP.

S. Mrdović, Alvin Huseinović

Nowadays, software tools are commonly used to encrypt data on hard disk. Those tools keep encryption keys in system memory to provide the user easy access to the plain text of encrypted files. Key possession enables data decryption. A procedure that includes usage of the hibernation file as a source of memory content is described. Publicly available tools are used to perform the procedure. The procedure is successfully tested on a system that uses a current encryption program.

S. Mrdović, Alvin Huseinović, E. Zajko

Traditional digital forensics is performed through static analysis of data preserved on permanent storage media. Not all data needed to understand the state of the examined system exists in nonvolatile memory. Live analysis uses the running system to obtain volatile data for a deeper understanding of the events going on. Sampling a running system might irreversibly change its state, making collected evidence invalid. This paper proposes a combination of static and live analysis. Virtualization is used to bring static data to life. A volatile memory dump is used to enable offline analysis of live data. Using data from the memory dump, a virtual machine created from static data can be adjusted to provide a better picture of the live system at the time when the dump was made. The investigator can have an interactive session with the virtual machine without violating evidence integrity. Tests with a sample system confirm the viability of the proposed approach.

This paper presents a novel payload analysis method. Consecutive bytes are separated by boundary symbols and defined as words. The frequencies of word appearance and word to word transitions are used to build a model of normal behavior. A simple anomaly score calculation is designed for fast attack detection. The method was tested using real traffic and recent attacks to demonstrate that it can be used in IDS. Tolerance to a small number of attacks in training data is shown.

S. Mrdović, B. Perunicic

One of the basic principles of cryptography is that the security of a system must depend not on keeping the algorithm secret, but only the key. This principle is known as Kerckhoffs' Principle. In this paper we propose application of this principle in intrusion detection systems. The fact that attackers know the intrusion detection algorithm will not help them if there is a secret key for each implementation that makes it different enough from the others. An implementation of a network packet payload anomaly detection IDS that enables application of the idea is presented. Results for various keys confirm excellent detection capabilities. A proof of concept mimicry attack protection example is provided.

This paper presents a possible path for securing public IT services. Public sector IT services deployment issues are presented. Security needs are defined. Possible gains from ICT in the public sector are quoted. Simple services with the highest impact that should be secured and offered are defined. Public key infrastructure (PKI) is proposed as the basis of a solution. PKI resolves many of the problems in the area of secure computer communications but is expensive and complex to implement. The paper suggests an approach to creating a PKI that is feasible. Specific needs, environment and administration of public institutions are used to propose a custom made PKI. The given approach lowers the cost and level of complexity of building a PKI and brings them within reach of a public institution. Legal consequences of PKI implementation are examined.

This paper explores the possibility of detecting intrusions into computer networks using network packet payload analysis. A quick overview of the current IDS state of the art is given. Issues with IDS are explained. An integrated approach to IDS building is suggested. Anomaly detection process improvements are recommended. Current prevailing methods for network intrusion detection based on packet meta data, headers, are compared with the method proposed in the paper. The reasoning behind packet payload analysis for intrusion detection is presented. Modeling of HTTP normal and anomalous payload using artificial neural networks is suggested as the best approach. Future work is defined.

Network intrusion detection based on packet payload analysis is presented. A quick overview of the current IDS state of the art is given. Current prevailing methods for network intrusion detection based on packet meta data, headers, are compared with the method proposed in the paper. The reasoning behind packet payload analysis for intrusion detection is presented. Application of data mining methods for packet payload analysis is considered. Issues with payload analysis, like performance and false negatives and positives, are explained.

The paper examines the security of an e-banking fat client. Strong authentication built into a fat client is not always applied to the overall system. Fat clients store data locally, and that data might not be protected with the same strong authentication. It is possible to bypass such a fat client and access locally stored e-banking data directly, and in this way effectively reduce data security to the level of security provided for local storage. The paper suggests the use of cryptographic data storage. It would ensure that overall security is equal to the strong authentication required to use the fat client.
