ARJ  Volume 105 No 2

Download the this issue (complete journal) (~6.6 MB).

Download the cover (Editorial Board Information) (~3.39 MB).

Table of Contents & Guest editorial (~2.35 MB)

Jump to Paper:

1. Comtemplating Skill-Based Authentication

2. Forensic Entropy Analysis of Microsoft Windows Storage Volumes

3. Moving Reputation to the Cloud

by Karen Renaud, Joe Maguire, Johan van Niekerk and Demetris Kennes.

Abstract: Humans develop skills as they go through their lives: some are fairly common, such as reading, but others are developed to maximise employment opportunities. These skills develop over a long period of time and are much rarer. Here we consider whether we can exploit this reality in the security arena, specifically to achieve a stronger form of authentication. Authentication has traditionally been performed based on what users know, hold or are. The first is the most popular, in the form of the password. This is often referred to as “knowledge-based” authentication. Yet, rigorously following guidelines for password creation produces forgettable gibberish and nonsense strings, not knowledge. Nonsense is hard to remember and users engage in a number of coping strategies to ameliorate this, and these tend to weaken the authenticator. It would be beneficial to find a way of reducing this memorial load, to identify a more usable mechanism. This is hard: usually reducing the memorial load also makes the secret easier to guess. The challenge is in finding a way to reduce memory load while holding the line as far as strength is concerned. Here we contemplate exploiting recognition of artefacts resulting from experts practicing their craft: “skill-based” authentication. This should reduce the memorial load and effort, but also, crucially, make it harder for a random intruder to replicate. We report on how we trialled SNIPPET, a prototype of an authentication mechanism that relied on an expert programmer identifying his/her own code snippets from successive challenge sets. We found that our participants were all able to identify their own code snippets and that other participants were unable to guess these, even when they observed the legitimate person authenticating beforehand. These findings are not conclusive given the small number of participants but they do show promise and suggest that this is an area worth pursuing. We conclude by returning to the three NIST-identified forms of authentication
Download Paper (667 KB)

by P. J. Weston* and S. D. Wolthusen†

Abstract: The use of file or volume encryption as a counter-forensic technique depends on the ability to plausibly deny the presence of such encrypted data. Establishing the likely presence of encrypted data is highly desirable for forensic investigations. We claim that the current or previous existence of encrypted volumes can be derived from studying file and volume entropy characteristics using knowledge of the development of volume entropy over time. To validate our hypothesis, we have examined several versions of the Microsoft Windows operating system platform over a simulated installation life-cycle and established file and volume entropy metrics. Similarly we verified the hypothesis that the ageing through regular use of an installation is identifiable through entropy fingerprint analysis. The results obtained and tests devised allow the rapid identification of several volume-level operations and also detect anomalous slack space entropy indicative of the use of encryption techniques. .
Download Paper (~1.13 MB)


by C. Hillebrand and M. Coetzee†

Abstract: Reputation is used to regulate relationships of trust in online communities. When deploying a reputation system, the requirements and constrains of the specific community needs to be accommodated in order to assist the community to reach their goals. This paper identifies a need for a framework for a configurable reputation system with the ability to accommodate the requirements of a variety of online communities. Such a reputation system can be defined as a service on the Cloud, to be composed with the application environment of the online community. Consequently, this paper introduces the concept of RaaS (Reputation-as-a-Service) and discusses a potential framework to support the creation of a RaaS. In order to define the framework, research is conducted into features of SaaS (Software-as-a-Service) architecture components, user requirements for trust and reputation, and features of current centralized online reputation frameworks that can be configured in order to support a reputation service on the Cloud.
Download Paper (~1.57 MB)