
1 Information Assurance Center Iowa State University 1 Computer Forensics – Iowa State University Experience ISU Information Assurance Center www.iac.iastate.edu April 18, 2003

2 Outline
Computer Forensics:
– Research
– Education
– Outreach
About the ISU program:
– Research
– Education
– Outreach

3 Forensics Research
– Network Origin Identification (Tom Daniels)
– Accountable Anonymity (Yong Guan, Tom Daniels)
– Tracing Encrypted Connections (Yong Guan)

4 Network Origin Identification
Finding the wily hacker!
– Many ways that an attacker can conceal his computer/location/identity
Lying about/Laundering of Identity
– Authentication is too expensive/problematic to use for everything
– Forensic approaches are needed
Passive Origin Id System for Networks (POISN)
– Build an architecture that can trace numerous different types of traffic
– Leverage and incorporate past work in origin id.

5 Origin Identification Techniques
Allows:
– Prosecution/Civil Litigation
– Cessation/Filtering of Attacks
Past Work Focuses on Individual Types of Origin Concealment
POISN develops a general architecture that incorporates past work and allows tracing new types of traffic.

6 POISN Approach
Distributed Multisource
– Incorporates network and host data sources
– Can trace many types of traffic
– Subject to covert channel problems
– Requires wide deployment
Distributed Network
– Just network data sources
– Less intrusive to use
– What traffic can be traced without host access?

7 Accountable Anonymity
Problem Definition: Networked computer systems can be attacked from virtually anywhere in the world, and the attackers can easily hide their identity and origin through stepping stones such as anonymity systems. Even worse, encrypted attack traffic makes tracing the source of an attack substantially more difficult. Our proposed approaches make it possible to trace encrypted attack traffic through a chain of stepping stones in real time, which can help to stop further attacks and to apprehend and punish those who are responsible. The solution will be applicable to a wide range of forensic investigations at all levels.

8 Accountable Anonymity
Technical Approach: We address this tracing problem through a novel correlation scheme based on statistical timing, size, and other properties of the incoming traffic and outgoing traffic of a stepping stone, rather than the contents of the network messages. The basic approaches include statistical traffic analysis, pattern recognition, and network tomography.
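The idea of matching a stepping stone's incoming and outgoing traffic by timing rather than content can be illustrated with a small added example. It is not the ISU researchers' scheme: it uses a plain Pearson correlation over binned packet counts with a search over relay delays, and all function names and packet times are constructed for the illustration.

```python
from math import sqrt

def bin_counts(timestamps, width, n_bins, shift=0.0):
    """Count packets per fixed-width time bin after shifting the flow back by `shift` seconds."""
    counts = [0] * n_bins
    for t in timestamps:
        i = int((t - shift) // width)
        if 0 <= i < n_bins:
            counts[i] += 1
    return counts

def pearson(x, y):
    n = len(x)
    mx, my = sum(x) / n, sum(y) / n
    cov = sum((a - mx) * (b - my) for a, b in zip(x, y))
    vx = sum((a - mx) ** 2 for a in x)
    vy = sum((b - my) ** 2 for b in y)
    return cov / sqrt(vx * vy) if vx and vy else 0.0

def timing_correlation(inbound, outbound, width=0.5, duration=30.0, max_lag=1.0, lag_step=0.1):
    """Best (score, lag) over candidate relay delays; payload bytes are never inspected."""
    n_bins = int(duration / width)
    ref = bin_counts(inbound, width, n_bins)
    best = (-1.0, 0.0)
    for k in range(int(round(max_lag / lag_step)) + 1):
        lag = k * lag_step
        score = pearson(ref, bin_counts(outbound, width, n_bins, shift=lag))
        if score > best[0]:
            best = (score, lag)
    return best

def rank_candidates(inbound, candidates):
    """Sort outbound flows by how well their timing matches the inbound flow."""
    scored = [(name, *timing_correlation(inbound, ts)) for name, ts in candidates.items()]
    return sorted(scored, key=lambda r: r[1], reverse=True)

def bursts(starts, n=6, gap=0.12):
    return [s + j * gap for s in starts for j in range(n)]

# Constructed sample data: packet arrival times (seconds) seen at one stepping stone.
INBOUND = bursts([1.05, 6.2, 11.7, 19.3, 24.8])
CANDIDATES = {
    # Same session relayed about 0.3 s later with small jitter (encrypted, so content differs).
    "out-relayed": [t + 0.3 + (i % 3) * 0.01 for i, t in enumerate(INBOUND)],
    # An unrelated interactive session leaving the same host.
    "out-unrelated": bursts([3.4, 9.1, 15.6, 22.3, 27.9]),
}

if __name__ == "__main__":
    for name, score, lag in rank_candidates(INBOUND, CANDIDATES):
        print(f"{name}: score={score:.2f} lag={lag:.1f}s")
```

On real traffic the bin width and lag range have to be tuned to the relay's delay and jitter, and a single high score is a lead for further investigation rather than proof of a link.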

9 Accountable Anonymity
[Diagram labels: Target System, Stepping Stones, Attacker]

10 Tracing Encrypted Connections
Anonymity is a key technique for protecting people’s privacy. However, it can be used to launch attacks. The attackers can easily hide their identity and origin through anonymity systems. Our proposed research aims at developing an innovative concept, “Accountable Anonymity”, by introducing accountability into anonymity, and at designing approaches to implement accountable anonymity. The solution will be applicable to a wide range of forensic investigations at all levels.

11 Tracing Encrypted Connections
Technical Approach: We address this by studying the security implications of various anonymity mechanisms and the impacts of human factors and law and policy issues, and by designing a sweet spot (i.e., accountable anonymity) between accountability and anonymity.
Our previous publications on anonymity research:
– Y. Guan, et al., “An Optimal Strategy for Anonymous Communication Protocols,” IEEE ICDCS 2002.
– Y. Guan, et al., “A Quantitative Analysis of Anonymous Communications,” in IEEE Transactions on Reliability, to appear.
– T. Daniels, et al., “Identification of host audit data to detect attacks on low-level IP vulnerabilities,” Journal of Computer Security, 1999.

12 Forensics Education
Computer Forensics & Cyberspace Camouflaging

13 Computer Forensics & Cyberspace Camouflaging
Graduate survey of modern topics in computer forensics and cyberspace camouflaging. Computer forensics studies cyber-attack prevention, planning, detection, and response with the goals of counteracting cybercrime, cyberterrorism, and cyberpredators and making them accountable. Cyberspace camouflaging techniques (e.g., anonymity) are likely to be effective methods against hostile computer forensics.

14 Computer Forensics & Cyberspace Camouflaging
Module I: Overview of Computer Forensics and Cyberspace Camouflaging (1 week)
Module II: Basics of Computer Networks and Operating Systems (1.5 weeks)
Module III: Advanced Topics of Computer Forensics (4 weeks)
Module IV: Intrusion Detection and Response (3 weeks)
Module V: Steganography & Steganalysis (1 week)
Module VI: Anonymity/Pseudonymity/Privacy Protection (e.g., P3P) (3 weeks)
Module VII: Legal and ethical issues (1 week, optional)

15 Forensics Outreach
– MFRC
– DPS
– Cyber Crime Lab

16 Midwest Forensics Resource Center
Partnership of Crime Laboratories in IA, IL, WI, MN, ND, SD, NE, KS, and MO, with ISU and the USDOE Ames Laboratory
Four-part Program
– Casework
– Training
– Education
– Research
Funded by National Institute of Justice
Director: David P. Baldwin, (515)294-2069

17 Midwest Forensics Resource Center
Initial DOJ funding started end of August, 2002.
A second round of funding was authorized during February of 2003.
Has held three Annual Meetings – also specialized regional meetings for crime labs and: rural law enforcement, agencies charged with countering agro-terrorism, college/university forensic science programs

18 Midwest Forensics Resource Center
Progress in four program areas:
Casework Assistance: performed work for crime lab or local law enforcement
– helped determine cause of 2 deaths,
– employed university resources to investigate video tape,
– identified biological materials found on a burglary suspect (thought to tie him to a crime scene)
Training:
– Providing academic and R&D lectures and video to crime labs,
– invited by FBI to become regional training partner
Education:
– held regional meeting of forensic science education programs and state/regional crime labs
Research:
– Issuing RFPs, performing R&D project for FBI

19 ISU Department of Public Safety
Guest lectures in class
– Legal issues
– Ethical issues
– Case studies
Computer Case work
– Over 10 cases
– Helped serve search warrants
– Educated officers in cyber crime

20 Case work
– Backdoor software installed on lab of computers to capture password
– Password capture software installed on web server
– Computers are used for spam mail
– New computer attacked within 15 minutes of being installed
– Child porn, IP theft, Software theft.

21 Cyber Crime Lab
Partnership between:
– MFRC
– IAC
– ISU’s Department of Public Safety
Goals:
– improve computer security education at ISU,
– provide source of computer security R&D ideas,
– improve campus and local computer forensic investigation,
– establish a new forensics resource for rural Iowa

22 Cyber Crime Lab
– Replaces State Cyber Crime Lab
– Faculty, Students, and Law enforcement will become certified in computer forensics
– Lab established in DPS facility
– Training ground for students.
– Work on both criminal and civil cases

23 Information Assurance at ISU
– Multidisciplinary: seven academic departments
– Synergistic: 30+ faculty, joint research
– Sustained Education: 12 IA courses offered each year
– Outreach: seminars and short courses to state agencies and industry; security awareness integrated in other curricula; significant inter-University projects
– University and Regents support: IA Center, MS degree, Graduate Certificate, Ph.D. & undergraduate minor under consideration

24 Research

25 Education
Graduate education
– Courses since 1995
– NSF CyberCorps fellowships
– Masters of Science in Information Assurance
– MS programs specializing in IA in: CprE, CS, Math, PolySci, MIS, and IMSE
– PhD programs specializing in IA: CprE and CS
– Graduate Certificate in IA
– Ph.D. Program planned for next year

26 Courses
CprE 530: Computer Network Protocols (distance education)
CprE 531: Computer System Security (distance education)
CprE 532: Information Warfare (distance education)
CprE/Math 533: Cryptography (distance education)
CprE 534: Legal & Ethical Issues in Security
CprE 537: Security in Wireless Communications
ComS 586: Network Architectures
ComS 552: Advanced Operating Systems
CprE 592: Seminar (new topics)
IE 581X: E-Commerce Systems Engineering
MIS 533: Data Management for Decision Makers
MIS 534: Electronic Commerce
MIS 535: Telecommunications Management
MIS 538: Business Processes and Systems
PolySci 421: Constitutional Freedoms
PolySci 487/587: Electronic Democracy
PolySci 486/586: Science, Technology, and Public Policy
Note: CprE 530, 531, 532, and 533 lead to an Iowa State University Certificate in Information Assurance

27 Outreach
Seminars, tutorials, media “experts”
Membership on over 10 national panels, boards, and committees
NSF faculty development workshop
– Summer workshops to increase the number of faculty who teach IA
– 20 faculty members invited from across the Midwest

28 Future
– I/UCRC Proposal
– Cyber protection lab
– Increased research funding
– Continued participation at state and national level.

29 NSF I/UCRC
Center for Information Protection
– Needs at least 18 companies to commit to $600,000 a year in funding for 5 years.
– NSF funded support for the operation of the center

30 NSF I/UCRC
NSF provided $10,000 planning grant to raise the funding to create the center
University Partners:
– Mississippi State University
– University of Kansas
– Other schools will be added (talking with NCSU and Duke)

31 QUESTIONS?

