Categories
Interviews

'Consumers are unaware of the economic value of their personal information'

We would like to introduce you to Fernando Pérez-González, featured amongst the keynote speakers of the 1st Conference on Security and Privacy in New Computing Environments (SPNCE), taking place on December 15-16, 2016 in Guangzhou, China.  His research interests lie in the crossroads of signal processing, security and privacy. Read on to find out what exactly he plans to offer to the research and innovation community.
Could you summarize the scope of your current work and what you are coming to share with everyone at SPNCE 2016?
My general field of research is information forensics, security and privacy. Regarding privacy, I work in three main directions: one is privacy-preserving data and signal processing, another is anonymous mixes, and a third one lies in traffic analysis attacks. Although I have done a bit of research on location privacy, I have been following the developments in the area for several years and I want to give the audience a fresh, unbiased view of its current state of development and the challenges that lie ahead. It is a fortunate fact that in the past few years there have been some groundbreaking proposals that open many new paths for research and unveil the tradeoffs that location privacy must meet.
What are some of those proposals?
Quite unbelievably, one of the problems that researchers have faced for more than a decade is how to properly define location privacy. While, perhaps evidently, the definition of privacy depends on the specific application, what is not so much known is that a higher layer of formalization is possible that encompasses many of those definitions, so that you don’t have to figure out what to do every time you come up with a new idea that involves location privacy. Another recent finding is that privacy must be defined by having in mind an adversary that is trying to infer the user’s actual location. This has the consequence that the design of location privacy preserving mechanisms must factor in the existence of smart and powerful adversaries. I invite people to come to my talk and learn the details!
What do you see as the greatest challenges in the future for digital security and privacy?
One of them is evidently public awareness of the security and privacy threats that the digital revolution has brought about, especially more so with the cloud spreading its wings and the unfathomable power of big data. On the adversarial side, big data will show how vulnerable individuals and society are. Limits will be set to the commerce of data in order to avoid data concentration. Another challenge concerns the Internet of Things since, as several recent major attacks have shown, it has been generally designed with security and privacy out of the drawing board. A very important challenge lies in how the newly minted European Data Protection Regulation will affect both citizens and businesses, and how the lessons learned after its application at such large scale can be transposed to other markets.
You mention that consumers today are more than willing to grant mobile apps access to a lot of their personal information. This information will never stop being interesting to businesses or governments, yet users themselves don’t seem to resist very strongly at all. Do you foresee any development in this area at a systemic level that will improve data security and privacy of an individual, or is it a lost cause because it’s in nobody else’s interest?
As I said before, consumers are not aware of either the economic value or the relevance of personal information. App developers have convinced them that privacy and utility constitute a zero-sum game: you renounce your privacy in exchange of free apps. Well, as I will argue in my talk, first you’re probably selling too cheap and second, you can barely imagine how much can be inferred from your data. Right, but you still want that handy LED flashlight app in your smartphone, even though you can only install it if you accept to let it know exactly where you are anytime. Why would the flashlight app want to know where you are? Unbeknownst to most customers, to profit by selling such data. So I think we have reached an unfair market equilibrium, unfair because one of the players (the customer) has been given incomplete information about the game. It is the role of the legislators to both increase consumer awareness and drive the use of already existing technical tools that will shift the equilibrium point to one in which app developers can still use location data to improve user experience, but privacy is preserved as much as customers want.

*  *  *

Over time, users have become accustomed to sharing personal data when they install new apps in their smartphones. Declining to do so, normally aborts the installation process. Sadly, users have convinced themselves that the value of their data is much lower than that of the apps they install, “after all, they have nothing to hide”. And thus, in redefining their business models, many companies have touted better services and applications which even come for free in exchange for some loss of privacy. However, as we will argue, privacy and utility do not necessarily make up a zero-sum game.
In the case of space-time location, a kind of information that should be considered private, there are a number of alternatives for adversaries to learn it, ranging from the triangulation of cellular phone signals to the metadata of pictures shared in social networks. Using the powerful inference capabilities of data mining, some companies are even promising to combine all the available inputs to predict what will be the location of a person in the near future. A recent MIT study showed that with only four approximate space-time points, it was possible to univocally de-anonymize a user in a database with 1.5 million of them. And this might be just the beginning, as ever more intrusive applications step in. Even putting such an Orwellian perspective aside, it is easy to understand the immense value of location data. But there is more that users can do than giving up…
In this talk we will revisit the techniques, some of them little known, that can be applied to find out where we are, and the potential threats they entail when combined with data mining. Guaranteeing location privacy turns out to be an elusive problem, starting with the lack of one-fits-all definitions. We will describe the technologies that have been proposed during the last decade to protect location privacy, including anonymization, obfuscation, mixes, and processing with encrypted signals. Those technologies stand at the crossroads of several disciplines such as signal processing, information theory, software engineering, database management, game theory and cryptography. But we will also adopt a critical point of view: in complicating the setups and definitions, researchers have failed to answer some fundamental questions that we will single out. To conclude, we will discuss the challenges that lie ahead and their practical and societal impact.

Categories
Papers

Wading through the noise, or how to make sense of scattered e-mail addresses

‘Making sense of email addresses on drives’  by Neil C. Rowe, Riqui Schwamm, Michael R. McCarrin (U.S. Naval Postgraduade School, Computer Science Department), and Ralucca Gera (Applied Mathematics Department)
Best Paper Award at ICDF2C 2016, 8th EAI International Conference on Digital Forensics & Cyber Crime

Investigators of cyber crime rely on different kinds of physical and digital evidence, and hard drives fall into the category of the most useful. Drives often contain information in the form of email addresses, which can be used to build a picture of the social networks in which the drive owner participated. Information gathered this way is usually more reliable than what we can infer from publicly available data on the actual online social networks, if only because every user has the ability choose what is and what isn’t publicly available. But hard drives and large and there is plenty of noise to wade through if you’re looking for a specific type of information. Thus, the demand for new methods that can filter data based on interestingness is huge.
Thus far, little attention has been paid to mining email addresses from drives, their classification, or their connection to social networks. Work has been done on the classification of email messages from their message headers, but headers provide significantly richer contextual information than lists of email addresses scattered over a drive. What authors of this paper set out to do essentially equates to searching for needles in haystacks, but these needs could hold valuable information.
They have done their work with 2401 drives from 36 countries that represent a range of business, government, and home users, running the Bulk Extractor tool to extract all email addresses, effectively bypassing the file system and searching the raw drive bytes for patterns appearing to be email addreses. This totaled to respectable numbers – 292,347,920 addresses having an average of 28.4 characters per address, of which there were 17,544,550 addresses.
What followed was serious data-crunching. To learn more about the method, test setup, elimination of uninteresting addresses, and visualization of email networks and drive similarities, we recommend getting the full paper here.

Categories
Call for participation Conferences

Participate in ICDF2C 2016!

The 8th EAI International Conference on Digital Forensics & Cyber Crime (ICDF2C 2016), will take place in New York City, USA on 28-30 September, 2016.

As the Internet has made it easier to perpetrate crimes by providing criminals an avenue for launching attacks with relative anonymity and the increased complexity of the communication and networking infrastructure is making investigation of cybercrimes difficult, the field of digital forensics and cybercrime investigation has become very important for law enforcement, national security, and information assurance.

This year, in the light of these changes, ICDF2C 2016, wants to embrace two themes: Usage and implications of machine learning in digital forensic and Big data and digital forensics. Authors are encouraged to submit papers relating to these themes and also to the following topics of interest:

  • Anti Forensics and Anti-Anti Forensics;
  • Big Data and Digital Forensics;
  • Business Applications of Digital Forensics;
  • Civil Litigation Support;
  • Cloud Forensics;
  • Cyber Crime Investigations;
  • Data hiding and steganography;
  • Database Forensics;
  • Digital Forensic Science;
  • e-Discovery;
  • Hacking;
  • Incident Response;
  • Information Warfare & Critical Infrastructure Protection;
  • Law Enforcement and Digital Forensics;
  • Machine learning and Digital Forensics;
  • Malware & Botnets;
  • Mobile / Handheld Device & Multimedia Forensics;
  • Money Laundering;
  • Network forensics;
  • New chip-off techniques;
  • Novel Digital Forensics Training programs
  • Online Fraud.

Click here to see all topics.

ICDF2C 2016 will also host a keynote speech given by Prof. Nasir Memon (NYU Polytechnic School of Engineering) and Ms. Elizabeth Schweinsberg (Incident Responder, Google, Inc.).

If you are interested in learning about dealing with large amount of data during investigations, you have an opportunity to join the NUIX workshop on September 28 at the EAI International Conference on Digital Forensics & Cyber Crime in New York to find out how! Know more about the NUIX workshop and register here!

ICDF2C is also proud to held Drone Forensics Workshop given by Devon Clark.  Know more about Drone Forensics Workshop here!

For those, who are interested in Full Disk Encryption password cracking, we offer 1 hour workshop will provide a quick blueprint about recent work Ventura has done on Incident Response and cyber investigations to crack Full Disk Encryption volumes. In order to achieve that, some password attacking tactics will be addressed as well as some novelties in the password cracking philosophy given new paradigms (case context, cloud, etc). Get more information about Full Disk Encryption Password Cracking Workshop here!

Research papers will be published in the Journal of Digital Forensics, Security and Law (JDFSL). JDFSL is an open access journal with a solid indexing including Thomson Reuters ISI Web of Science. Accepted papers will be indexed in: a) Google Scholar b) DBLP c) ProQuest d) EBSCO Host just to name a few. Articles will be available for readers online at no cost given the open access nature of the journal. Accepted papers will be published in a special issue of the Journal of Digital Forensics, Security and Law. Best papers will be considered for publication in the EAI Transactions on Security and Safety.

Final program is now published!

CLICK TO VIEW Accepted Authors at ICDF2C 2016 and the papers they will present at the Conference!

The registration of ICDF2C conference is open! Click here to register.

For more information about ICDF2C 2016, visit the conference official website.

Categories
Call for papers Conferences

ICDF2C 2016: Call for industry talks, panel discussions, workshops and tutorials!

The 8th EAI International Conference on Digital Forensics & Cyber Crime (ICDF2C 2016), will take place in New York City, USA on 28-30 September, 2016.

As the Internet has made it easier to perpetrate crimes by providing criminals an avenue for launching attacks with relative anonymity and the increased complexity of the communication and networking infrastructure is making investigation of cybercrimes difficult, the field of digital forensics and cybercrime investigation has become very important for law enforcement, national security, and information assurance.

This year, in the light of these changes, ICDF2C 2016, wants to embrace two themes: Usage and implications of machine learning in digital forensic and Big data and digital forensics. Authors are encouraged to submit papers relating to these themes and also to the following topics of interest:

  • Anti Forensics and Anti-Anti Forensics;
  • Big Data and Digital Forensics;
  • Business Applications of Digital Forensics;
  • Civil Litigation Support;
  • Cloud Forensics;
  • Cyber Crime Investigations;
  • Data hiding and steganography;
  • Database Forensics;
  • Digital Forensic Science;
  • e-Discovery;
  • Hacking;
  • Incident Response;
  • Information Warfare & Critical Infrastructure Protection;
  • Law Enforcement and Digital Forensics;
  • Machine learning and Digital Forensics;
  • Malware & Botnets;
  • Mobile / Handheld Device & Multimedia Forensics;
  • Money Laundering;
  • Network forensics;
  • New chip-off techniques;
  • Novel Digital Forensics Training programs
  • Online Fraud.

To see more topics, click here.

ICDF2C 2016 will also host a keynote speech given by Prof. Nasir Memon (NYU Polytechnic School of Engineering) and Ms. Elizabeth Schweinsberg (Incident Responder, Google, Inc.).

If you are interested in learning about dealing with large amount of data during investigations, you have an opportunity to join the NUIX workshop on September 28 at the EAI International Conference on Digital Forensics & Cyber Crime in New York to find out how!

This session will dive into the following topics:

  • Custom Processing,
  • Search and Tag,
  • Nuix Management Console,
  • Defensible Deletion,
  • Encrypted NSFs,
  • Nuix Web Review and Analytics,
  • Item clustering,
  • Context (Incident Response),
  • Tiered Reports,
  • Email Threading.

Know more about the NUIX workshop and register here!

Research papers will be published in the Journal of Digital Forensics, Security and Law (JDFSL). JDFSL is an open access journal with a solid indexing including Thomson Reuters ISI Web of Science. Accepted papers will be indexed in: a) Google Scholar b) DBLP c) ProQuest d) EBSCO Host just to name a few. Articles will be available for readers online at no cost given the open access nature of the journal. Accepted papers will be published in a special issue of the Journal of Digital Forensics, Security and Law. Best papers will be considered for publication in the EAI Transactions on Security and Safety.

Submissions: industry talks, panel discussion, workshops & tutorials:
Submissions can be made in a number of categories: Completed research papers, research-in-progress papers, industrial talks, panel and tutorial proposals, and round table discussions. Please follow the following guidelines in preparing your submission.

  • Industrial Talk: Typically a 1,000 word description of the proposed talk. All talks must be vendor neutral.
  • Round Table Discussion: Typically a 1,000 word synopsis of the topic area.
  • Panel Proposals: Typically a 1,000 word description, identifying the panelists to be involved.
  • Tutorial Proposals: Typically a 1,000 word description of topic(s), potential speakers, program length, and potential audience. Also, include proposer resume(s).

All proposals should be submitted to the general chairs (FBreitinger, IBaggili at newhaven.edu).du).

Important dates:

Submission deadline:  1 August 2016

Notification of Acceptance:  10 August 2016

Registration Opens:  18 July 2016

Camera-ready deadline:  1 August 2016

For more information about ICDF2C 2016, visit the conference official website.

Categories
Call for papers Conferences

Deadline Extension for ICDF2C 2016

The 8th EAI International Conference on Digital Forensics & Cyber Crime (ICDF2C 2016), will take place in New York City, USA on 28-30 September, 2016.

As the Internet has made it easier to perpetrate crimes by providing criminals an avenue for launching attacks with relative anonymity and the increased complexity of the communication and networking infrastructure is making investigation of cybercrimes difficult, the field of digital forensics and cybercrime investigation has become very important for law enforcement, national security, and information assurance.

This year, in the light of these changes, ICDF2C 2016, wants to embrace two themes: Usage and implications of machine learning in digital forensic and Big data and digital forensics. Authors are encouraged to submit papers relating to these themes and also to the following topics of interest:

  • Anti Forensics and Anti-Anti Forensics;
  • Big Data and Digital Forensics;
  • Business Applications of Digital Forensics;
  • Civil Litigation Support;
  • Cloud Forensics;
  • Cyber Crime Investigations;
  • Data hiding and steganography;
  • Database Forensics;
  • Digital Forensic Science;
  • e-Discovery;
  • Hacking;
  • Incident Response;
  • Information Warfare & Critical Infrastructure Protection;
  • Law Enforcement and Digital Forensics;
  • Machine learning and Digital Forensics;
  • Malware & Botnets;
  • Mobile / Handheld Device & Multimedia Forensics;
  • Money Laundering;
  • Network forensics;
  • New chip-off techniques;
  • Novel Digital Forensics Training programs
  • Online Fraud.

To see more topics, click here.

ICDF2C 2016 will also host a keynote speech given by Prof. Nasir Memon (NYU Polytechnic School of Engineering).

Research papers will be published in the Journal of Digital Forensics, Security and Law (JDFSL). JDFSL is an open access journal with a solid indexing including Thomson Reuters ISI Web of Science. Accepted papers will be indexed in: a) Google Scholar b) DBLP c) ProQuest d) EBSCO Host just to name a few. Articles will be available for readers online at no cost given the open access nature of the journal. Accepted papers will be published in a special issue of the Journal of Digital Forensics, Security and Law. Best papers will be considered for publication in the EAI Transactions on Security and Safety.

Important dates:

Full Paper Submission Deadline: 13th April, 2016   25th April, 2016

Notification Deadline: 1st July, 2016

Camera-ready Deadline: 1st August, 2016

For more information about ICDF2C 2016, visit the conference official website.

Categories
Call for papers Conferences

ICDF2C 2016 is calling for papers!

ICDF2C 2016, the 8th EAI International Conference on Digital Forensics & Cyber Crime, will take place in New York City, USA on 28-30 September, 2016.

The field of digital forensics and cybercrime investigation has become very important for law enforcement, national security, and information assurance. This is a multidisciplinary area that encompasses law, computer science, finance, telecommunications, data analytics, and policing. This conference brings together practitioners and researchers from diverse fields providing opportunities for business and intellectual engagement among attendees.

This year, ICDF2C 2016 wants to embrace two themes: Usage and implications of machine learning in digital forensic and Big data and digital forensics. Authors are encouraged to submit papers relating to these themes and also to the following topics of interest:

  • Anti Forensics and Anti-Anti Forensics;
  • Big Data and Digital Forensics;
  • Business Applications of Digital Forensics;
  • Civil Litigation Support;
  • Cloud Forensics;
  • Cyber Crime Investigations;
  • Data hiding and steganography;
  • Database Forensics;
  • Digital Forensic Science;
  • e-Discovery;
  • Hacking;
  • Incident Response;
  • Information Warfare & Critical Infrastructure Protection;
  • Law Enforcement and Digital Forensics;
  • Machine learning and Digital Forensics;
  • Malware & Botnets;
  • Mobile / Handheld Device & Multimedia Forensics;
  • Money Laundering;
  • Network forensics;
  • New chip-off techniques;
  • Novel Digital Forensics Training programs
  • Online Fraud.

To see more topics, click here.

ICDF2C 2016 will also host a keynote speech given by Prof. Nasir Memon (NYU Polytechnic School of Engineering).

Research papers will be published in the Journal of Digital Forensics, Security and Law (JDFSL). Accepted papers will be published in a special issue of the Journal of Digital Forensics, Security and Law. The program committee may designate up to three papers accepted to the conference as ICDF2C Best Papers. Every submission (full research paper) is automatically eligible for this award.

Important dates

Full Paper Submission Deadline: 13th April, 2016

Notification Deadline: 1st July, 2016

Camera-ready Deadline: 1st August, 2016

For more information about ICDF2C 2016, visit the conference official website.

Categories
Call for papers Conferences

ICDF2C 2016 is accepting papers!

ICDF2C 2016, the 8th EAI International Conference on Digital Forensics & Cyber Crime, will take place in New York City, USA on 28-30 September, 2016.

The field of digital forensics and cybercrime investigation has become very important for law enforcement, national security, and information assurance. This is a multidisciplinary area that encompasses law, computer science, finance, telecommunications, data analytics, and policing. This conference brings together practitioners and researchers from diverse fields providing opportunities for business and intellectual engagement among attendees.

This year, ICDF2C 2016 wants to embrace two themes: Usage and implications of machine learning in digital forensic and Big data and digital forensics. Authors are encouraged to submit papers relating to these themesand also to the following topics of interest:

  • Anti Forensics and Anti-Anti Forensics;
  • Big Data and Digital Forensics;
  • Business Applications of Digital Forensics;
  • Civil Litigation Support;
  • Cloud Forensics;
  • Cyber Crime Investigations;
  • Data hiding and steganography;
  • Database Forensics;
  • Digital Forensic Science;
  • e-Discovery;
  • Hacking;
  • Incident Response;
  • Information Warfare & Critical Infrastructure Protection;
  • Law Enforcement and Digital Forensics;
  • Machine learning and Digital Forensics;
  • Malware & Botnets;
  • Mobile / Handheld Device & Multimedia Forensics;
  • Money Laundering;
  • Network forensics;
  • New chip-off techniques;
  • Novel Digital Forensics Training programs
  • Online Fraud.

To see more topics, click here.

Research papers will be published in the Journal of Digital Forensics, Security and Law (JDFSL). Accepted papers will be published in a special issue of the Journal of Digital Forensics, Security and Law. The program committee may designate up to three papers accepted to the conference as ICDF2C Best Papers. Every submission (full research paper) is automatically eligible for this award.

Important dates

Full Paper Submission Deadline: 13th April, 2016
Notification Deadline: 1st July, 2016
Camera-ready Deadline: 1st August, 2016

For more information about ICDF2C 2016, visit the conference official website.

Categories
Call for participation Conferences

ICDF2C 2015 is calling for participation!

The 7th EAI International Conference on Digital Forensics & Cyber Crime will take place in Seoul, South Korea on October 6–8, 2015.

The conference will be a great chance for all interested in the field of digital forensics and cyber crime investigation, which have become really important since the Internet made it easier for crimes to be perpetrated. At ICDF2C 2015 researchers and practitioners will have the possibility to discuss about the main topics from a multidisciplinary point of view, ranging also themes like computer science, finance, telecommunications, data analytics and policing.

Chaired by Dr. Joshua I. James (DFIRE Labs, Hallym University), the 7th edition of the conference will also introduce two special themes: Usage, Implications and investigation of the ‘Dark Web’ and Case studies and investigation techniques relating to cryptocurrencies, which promise to be a great opportunity for engagement among all attendees.

Furthermore, all participants will have the chance to take part in the speeches of the keynote speakers of the conference: Dr. Dave Dampier, Professor of Computer Science & Engineering at Mississippi State University specialized in Digital Forensics and Information Security and Max Goncharov, senior security Virus Analyst at Trend Micro Inc., and responsible for cybercrime investigations.

But this is not all! The conference will present six sessions, workshops and poster presentations and it will be held in partnership with the Korean Digital Forensics Society.

So don’t miss the opportunity to participate in ICDF2C! You can find more info about the conference here.

Categories
News

A conference on Digital Forensics and Cyber Crimes in Seoul not to be missed

Couple of months more till the seventh edition of the International Conference on Digital Forensics and Cyber Crimes to be held in Seoul, South Korea! The conference will take place on October 06-08, 2015 at the Convention Center of Police Mutual Aid Association in Seoul and promises to be a great chance for those interested in law, computer science, finance, telecommunications, data analytics, and policing to advance the state of the art in digital forensic and cyber-crime investigation.

This year’s hot topics will be the usage, implications and investigation of the “Dark Web” and case studies and investigation techniques relating to cryptocurrency.

Chaired by Prof. Joshua I. James from DFIRE Labs, SoonChunHyang University, the conference will be plenty of high-level discussions on topics ranging from cyber criminal psychology and profiling to Big Data and Digital Forensics, workshops and panels. You will also have the chance to listen the keynote lecture by Dr. Dave Dampier from Mississippi State University.

And if all this is not enough, you will be maybe interested in the fact that ICDF2C 2015 will run jointly with the Korean Digital Forensic Society’s Annual Conference (KDFS 2015).

Last but not least you will have the chance to visit Seoul and its interesting attractions.

See more info about the conference and the program here.