Richard Boddington PhD Thesis Proposal Work in action Commenced 0305

1
Richard BoddingtonPhD Thesis ProposalWork in
actionCommenced 03/05
Confirming the Authenticity and Integrity of
Digitised Information in Networked Databases for
Evidentiary Purposes Supervisor Dr. Val Hobbs
2
Overview

• The storage of information in electronic formats
  is a rapidly developing phenomenon
• This poses challenges in maintaining and later
  confirming
• Data authenticity
• Data integrity

3
Legal Technical Security Issues

• This has implications for the admissibility of
  electronic records during legal processes
• Courts dont understand technology
• IT developers and managers dont understand legal
  issues
• Security is the poor relation, hiding behind a
  smokescreen
• The tail wagging the dog?

4

• Proof of authenticity
• The origin of the data - its relation to itself
  over time - knowing who created it
• Proof of Integrity
• The validity of data not concerned with the
  origin of the data (who created it, when, or how)
  but if it has been modified since its creation

5
Pristine State of Records

• Counter-measures focus on detection, prevention
  and preservation
• Forensic investigation focuses on what has
  happened to digitised records
• Appears little, if anything is done to determine
  what has not happened whether a record has
  retained its authenticity and integrity
• How may a court quickly decide the authenticity
  of and integrity of a records?

6
Novel Legal Issues

• Are the laws adequate? Do we need to rethink old
  law or create new law?
• Present law could be applied to the regulation of
  cyberspace
• This may fit existing legal doctrine that only a
  few statutory amendments and rational precedents
  are needed to reconcile it with existing law
• But may be fitting the square peg into the round
  hole
• Cyberspace may have underlying assumptions so
  different from the world in which traditional
  rights and responsibilities are conceptualized
  such rights and responsibilities must themselves
  be rethought
• Are users unaware or unconcerned about the
  implications on their information
  holdings? (Dierks, 1993)

7
(No Transcript)
8
Is there a Problem Maintaining Authenticity and
Integrity?

• An inherent weaknesses in network databases pose
  a threat to
• Confidentiality Authenticity
• Integrity Continuity of service
• Problems with internal and external users
• Accidental Malicious
• Problems with software and hardware

9
Vulnerability Protection

• Extensive over-reliance on technology
• Firewalls
• Intrusion Detection Systems
• Vulnerability Checkers
• Anti-virus, Trojan, Spam software
• Cryptography
• Honesty of DBAs
• Digital Watermarks and Signatures
• Security Plans, etc, etc, etc.

10
But, do they work?

• Most computer security measures try to deal with
  the external attacker, but are pretty much
  powerless against insiders
• Most systems are vulnerable to dedicated attacks
• Too much reliance on defensive measures, rather
  than preservation and confirmation of information
  in a verifiable, pristine state?
• This places the authenticity and integrity of
  information at risk
• Storm in a teacup or a Tsunami about to strike?

11
Admissibility as Evidence

• Proof of authentication and integrity may be
  required in the absence of an original, physical
  document, e.g., a photograph, manuscript, or
  report
• Chain of custody would be required to prove the
  origin and state of electronic information
• Failure to establish credibility during
  discovery may result in inadmissibility of a
  electronic information as documentary evidence

12
Research Question and Design

• How may the authenticity and integrity of
  digitised records be confirmed to satisfy its
  admissibility as evidence in legal process?
• Positivist/quantitative possibly action
  research
• Validation through simulation

13
Methodology

• Control model
• To determine vulnerability (Threat Modelling)
• To evaluate results and identify viable solutions
• Test model
• Attack trees, Oubliette, Adjudication, etc.
• Compare results with the control model
• Validation of admissibility of evidence
• Report on outcomes

14
Perceived Benefits

• Improved admissibility of electronic records
  during legal processes
• Prototype model for use in the field
• Secondary benefits
• Enhanced conformity with record and archive
  standards
• Fraud and forgery detection through anomaly
  analysis

15
Likely Test Candidates

• Hash Fingerprinting (CRC.COM, HASH.EXE, or
  MD5.ZIP, Tripwire)
• Authenticity checking (SecurID cards)
• Tamper Resistance (Intensional Logic)
• System Controls (Oubliette)
• The search goes on

An extra tim tam for Richard
16
References

• Caloyannides, M. A. (2001). Computer forensics
  and privacy. Norwood, Minnesota Artech House.
• Dierks, M. P. (1993). Computer Network Abuse, 6
  HARV. J.L. TECH. 307, 308 (1993).
• Schneier, B. (2000). Secrets and lies digital
  security in a networked world. New York, Wiley
  Computer Publishing.
• Schweitzer, D. (2002). Securing the network from
  malicious code a complete guide to defending
  against viruses, worms, and Trojans.
  Indianapolis Wiley Publishing, Inc.
• Williams v. Board of Regents of the Univ. Sys. of
  Ga., 629 F.2d 993 (5th Cir. 1980).
• Williamson, K. (2000). Research methods for
  students and professionals. Wagga Wagga, N. S. W.
  Centre for Information Studies.

17
For Diarmuid Pigott Thanks for all your
inspiration!