Digital Forensic Case Studies for In-Vehicle Infotainment Systems Using Android Auto and Apple CarPlay.

Vehicle systems have been one of the fastest-growing fields in recent years. Vehicles are extremely helpful for understanding driver behaviors and have received significant attention from a forensic perspective. Extensive forensic research was previously conducted on on-board vehicle systems, such as an event data recorders, located in the electronic control unit or manufacturer-based infotainment systems. However, unlike previous vehicles that used only manufacturer-based infotainment systems, most vehicles today are equipped with infotainment systems such as Android Auto and Apple CarPlay. These in-vehicle infotainment (IVI) systems connect to mobile devices such as smartphones and tablets. The vehicle can periodically communicate with a smartphone and thus a network outside the vehicle. Drivers can use more services in their vehicles than ever before. Accordingly, an increasing number of diverse data are being stored in vehicles, with mobile devices connected to both the vehicle and the cloud. Such data include information that can be of significant help to investigators in solving problems during forensic investigations. Therefore, forensics of IVI systems such as Android Auto and Apple CarPlay are becoming increasingly important. We analyzed various forensic studies conducted on Android Auto and Apple CarPlay. Most of the research was mainly focused on mobile devices connected through a wired USB connection. The use of wireless-based IVI systems has recently been increasing. However, the analysis of Android Auto and Apple CarPlay from this point of view is insufficient. Therefore, we proposed a forensic methodology that fully considers such limitations. A forensic analysis was conducted on various IVI systems. We also developed an IVI system forensics tool that works based on the proposed methodology.

Digital Forensic Analysis to Improve User Privacy on Android.

The Android platform accounts for 85% of the global smartphone operating-system market share, and recently, it has also been installed on Internet-of-Things (IoT) devices such as wearable devices and vehicles. These Android-based devices store various personal information such as user IDs, addresses, and payment information and device usage data when providing convenient functions to users. Insufficient security for the management and deletion of data stored in the device can lead to various cyber security threats such as personal information leakage and identity theft. Therefore, research on the protection of personal information stored in the device is very important. However, there is a limitation that the current research for protection of personal information on the existing Android platform was only conducted on Android platform 6 or lower. In this paper, we analyze the deleted data remaining on the device and the possibility of recovery to improve user privacy for smartphones using Android platforms 9 and 10. The deleted data analysis is performed based on three data deletion scenarios: data deletion using the app's own function, data deletion using the system app's data and cache deletion function, and uninstallation of installed apps. It demonstrates the potential user privacy problems that can occur when using Android platforms 9 and 10 due to the leakage of recovered data. It also highlights the need for improving the security of personal user information by erasing the traces of deleted data that remain in the journal area and directory entry area of the filesystem used in Android platforms 9 and 10.

Industrial network-based behavioral anomaly detection in AI-enabled smart manufacturing.

Existing manufacturing systems are isolated from the outside world to protect their sites and systems. However, following the trend of the 4th Industrial Revolution, manufacturing systems have also increased the connectivity of various domains and the convergence of numerous technologies. These systems are referred to as smart manufacturing systems. However, this trend has increased the challenge of network anomaly detection methods, which are a major approach to network security in smart manufacturing. Existing methods define normality under the premise that network components are static, and network operation is periodic compared to the information technology environment. Therefore, comprehensive and volatile network environments require significant time, cost, and labor to define normality. Consequently, artificial intelligence (AI)-based anomaly detection studies have been actively conducted to solve this problem. However, such studies require manual analysis based on expert knowledge of each site during the preprocessing stage to extract the learning features from the collected network data. To solve the above problems, this study proposes a protocol reverse engineering method corresponding to the preprocessing stage of exiting AI studies. Through this method, existing AI-based anomaly detection studies can directly use the collected network data to learn normality without expert knowledge of the site. Furthermore, non-polling or reporting network operating environments that are rarely studied in the manufacturing security domain are targeted. Finally, we propose an anomaly detection method that uses an external signature, time information, the pattern of time intervals, and classified messages. Thus, the proposed method can detect anomalies in the encrypted contents of the manufacturing protocols.

Toward Security Enhanced Provisioning in Industrial IoT Systems.

Through the active development of industrial internet of things (IIoT) technology, there has been a rapid increase in the number of different industrial wireless sensor networks (IWSNs). Accordingly, the security of IWSNs is also of importance, as many security problems related to IWSN protocols have been raised and various studies have been conducted to solve these problems. However, the provisioning process is the first step in introducing a new device into the IIoT network and a starting point for IIoT security. Therefore, leakage of security information in the provisioning process makes exposure of secret keys and all subsequent security measures meaningless. In addition, using the exploited secret keys, the attacker can send false command to the node or send false data to the network manager and it can cause serious damage to industrial infrastructure depending on the IWSN. Nevertheless, a security study on the provisioning process has not been actively carried out, resulting in a provisioning process without guaranteed security. Therefore, in this paper, we analyzed security issues of the provisioning process in IWSN by researching prominent IWSN standards, including ISA 100.11a, WirelessHART, and Zigbee, and also an ISA 100.11a-certified device and provisioning process-related studies. Then, we verified the security issues of the provisioning process through testing and analyzing the provisioning process using the ISA 100.11a standard-implemented devices and ISA 100.11a-certified devices. Finally, we discuss security considerations and the direction of future research on provisioning security for IWSN in the IIoT era.

A Multiserver Biometric Authentication Scheme for TMIS using Elliptic Curve Cryptography.

Recently several authentication schemes are proposed for telecare medicine information system (TMIS). Many of such schemes are proved to have weaknesses against known attacks. Furthermore, numerous such schemes cannot be used in real time scenarios. Because they assume a single server for authentication across the globe. Very recently, Amin et al. (J. Med. Syst. 39(11):180, 2015) designed an authentication scheme for secure communication between a patient and a medical practitioner using a trusted central medical server. They claimed their scheme to extend all security requirements and emphasized the efficiency of their scheme. However, the analysis in this article proves that the scheme designed by Amin et al. is vulnerable to stolen smart card and stolen verifier attacks. Furthermore, their scheme is having scalability issues along with inefficient password change and password recovery phases. Then we propose an improved scheme. The proposed scheme is more practical, secure and lightweight than Amin et al.'s scheme. The security of proposed scheme is proved using the popular automated tool ProVerif.

Cryptanalysis and improvement of an improved two factor authentication protocol for telecare medical information systems.

Telecare medical information systems (TMIS) provides rapid and convenient health care services remotely. Efficient authentication is a prerequisite to guarantee the security and privacy of patients in TMIS. Authentication is used to verify the legality of the patients and TMIS server during remote access. Very recently Islam et al. (J. Med. Syst. 38(10):135, 2014) proposed a two factor authentication protocol for TMIS using elliptic curve cryptography (ECC) to improve Xu et al.'s (J. Med. Syst. 38(1):9994, 2014) protocol. They claimed their improved protocol to be efficient and provides all security requirements. However our analysis reveals that Islam et al.'s protocol suffers from user impersonation and server impersonation attacks. Furthermore we proposed an enhanced protocol. The proposed protocol while delivering all the virtues of Islam et al.'s protocol resists all known attacks.

AVQS: attack route-based vulnerability quantification scheme for smart grid.

A smart grid is a large, consolidated electrical grid system that includes heterogeneous networks and systems. Based on the data, a smart grid system has a potential security threat in its network connectivity. To solve this problem, we develop and apply a novel scheme to measure the vulnerability in a smart grid domain. Vulnerability quantification can be the first step in security analysis because it can help prioritize the security problems. However, existing vulnerability quantification schemes are not suitable for smart grid because they do not consider network vulnerabilities. We propose a novel attack route-based vulnerability quantification scheme using a network vulnerability score and an end-to-end security score, depending on the specific smart grid network environment to calculate the vulnerability score for a particular attack route. To evaluate the proposed approach, we derive several attack scenarios from the advanced metering infrastructure domain. The experimental results of the proposed approach and the existing common vulnerability scoring system clearly show that we need to consider network connectivity for more optimized vulnerability quantification.

Software authority transition through multiple distributors.

The rapid growth in the use of smartphones and tablets has changed the software distribution ecosystem. The trend today is to purchase software through application stores rather than from traditional offline markets. Smartphone and tablet users can install applications easily by purchasing from the online store deployed in their device. Several systems, such as Android or PC-based OS units, allow users to install software from multiple sources. Such openness, however, can promote serious threats, including malware and illegal usage. In order to prevent such threats, several stores use online authentication techniques. These methods can, however, also present a problem whereby even licensed users cannot use their purchased application. In this paper, we discuss these issues and provide an authentication method that will make purchased applications available to the registered user at all times.

Throughput fairness enhancement using differentiated channel access in heterogeneous sensor networks.

Nowadays, with wireless sensor networks (WSNs) being widely applied to diverse applications, heterogeneous sensor networks (HSNs), which can simultaneously support multiple sensing tasks in a common sensor field, are being considered as the general form of WSN system deployment. In HSNs, each application generates data packets with a different size, thereby resulting in fairness issues in terms of the network performance. In this paper, we present the design and performance evaluation of a differentiated channel access scheme (abbreviated to DiffCA) to resolve the fairness problem in HSNs. DiffCA achieves fair performance among the application groups by providing each node with an additional backoff counter, whose value varies according to the size of the packets. A mathematical model based on the discrete time Markov chain is presented and is analyzed to measure the performance of DiffCA. The numerical results show that the performance degradation of disadvantaged application groups can be effectively compensated for by DiffCA. Simulation results are given to verify the accuracy of the numerical model.

Untraceable mobile node authentication in WSN.

Mobility of sensor node in Wireless Sensor Networks (WSN) brings security issues such as re-authentication and tracing the node movement. However, current security researches on WSN are insufficient to support such environments since their designs only considered the static environments. In this paper, we propose the efficient node authentication and key exchange protocol that reduces the overhead in node re-authentication and also provides untraceability of mobile nodes. Compared with previous protocols, our protocol has only a third of communication and computational overhead. We expect our protocol to be the efficient solution that increases the lifetime of sensor network.