Browsing by Author "Nobles, P."
Now showing 1 - 5 of 5
Results Per Page
Sort Options
Item Open Access Assessing the evidential value of artefacts recovered from the cloud(2017-06-14) Mustafa, Z. S.; Maddison Warren, Annie; Morris, S.; Nobles, P.Cloud computing offers users low-cost access to computing resources that are scalable and flexible. However, it is not without its challenges, especially in relation to security. Cloud resources can be leveraged for criminal activities and the architecture of the ecosystem makes digital investigation difficult in terms of evidence identification, acquisition and examination. However, these same resources can be leveraged for the purposes of digital forensics, providing facilities for evidence acquisition, analysis and storage. Alternatively, existing forensic capabilities can be used in the Cloud as a step towards achieving forensic readiness. Tools can be added to the Cloud which can recover artefacts of evidential value. This research investigates whether artefacts that have been recovered from the Xen Cloud Platform (XCP) using existing tools have evidential value. To determine this, it is broken into three distinct areas: adding existing tools to a Cloud ecosystem, recovering artefacts from that system using those tools and then determining the evidential value of the recovered artefacts. From these experiments, three key steps for adding existing tools to the Cloud were determined: the identification of the specific Cloud technology being used, identification of existing tools and the building of a testbed. Stemming from this, three key components of artefact recovery are identified: the user, the audit log and the Virtual Machine (VM), along with two methodologies for artefact recovery in XCP. In terms of evidential value, this research proposes a set of criteria for the evaluation of digital evidence, stating that it should be authentic, accurate, reliable and complete. In conclusion, this research demonstrates the use of these criteria in the context of digital investigations in the Cloud and how each is met. This research shows that it is possible to recover artefacts of evidential value from XCP.Item Open Access Indoor geolocation for wireless networks(2011-01-11) Ali, S.; Nobles, P.An ever growing demand for ‘location based services’ and the unprecedented growth of wireless local area networks (WLAN) has, in the past few years, attracted the focus of the research community to investigate and develop accurate indoor geolocation systems. Performance of any geolocation system is based upon the reported distance error . The accuracy required varies from application to application. For example an accurate geolocation system is required to apprehend a rogue client (illegitimate connection) inside a building in a dense wireless environment. At present this is possible only through wireless radio frequency (RF) interception of signals. The received signal strength (RSS) of a signal can be used to report the position of a client by triangulation. The hostile indoor environment presents many challenges including multipath and wall attenuation that needs to be considered for determining accurate indoor location. In this thesis a novel method to reduce the variation in RSS values is demonstrated by exploiting the frequency diversity existing across multiple channels of devices equipped with the IEEE 802.11 a/b/g wifi (wireless fidelity) standards. Absorption of the RF signal due to walls is observed and identified as one of the major factors that influence location estimation. RSS from different directions and within different environments is also studied. The processed RSS values are then applied to location estimation using a novel RSS threshold algorithm based upon a RF propagation model. The algorithm is designed based on the room dimensions where location sensors are placed. The algorithm’s main feature is to correctly identify the walls existing between the sensors and client. Correct determination of walls together with a data fusion process produces accurate location results. For a set of example locations, the algorithm gives an accuracy of 3m for 75% of the locations and in terms of mean location error, is shown to be 2.16m for 100% of the locations. The reported accuracy is superior to the most accurate existing systems. The research trend for indoor geolocation has recently focused upon a ‘finger-printing’ technique, which is environment dependant and time consuming. The results achieved and presented in this thesis revive the use of simple propagation modelling for indoor geolocation applications.Item Open Access Knowing who to watch: accumulating evidence of subtle attacks(2010-09-23T08:46:19Z) Chivers, H.; Clark, J. A.; Nobles, P.; Shaikh, S. A.; Chen, H.Insider attacks are often subtle and slow, or preceded by behavioral indicators such as organizational rule-breaking which provide the potential for early warning of malicious intent; both these cases pose the problem of identifying attacks from limited evidence contained within a large volume of event data collected from multiple sources over a long period. This paper proposes a scalable solution to this problem by maintaining long-term estimates that individuals or nodes are attackers, rather than retaining event data for post-facto analysis. These estimates are then used as triggers for more detailed investigation. We identify essential attributes of event data, allowing the use of a wide range of indicators, and show how to apply Bayesian statistics to maintain incremental estimates without global updating. The paper provides a theoretical account of the process, a worked example, and a discussion of its practical implications. The work includes examples that identify subtle attack behaviour in subverted network nodes, but the process is not network-specific and is capable of integrating evidence from other sources, such as behavioral indicators, document access logs and financial records, in addition to events identified by network monitoring.Item Open Access A Novel training-based MIMO channel estimation scheme for layered space-time systems in frequency selective wireless channels(2009-07-14T12:52:42Z) Siyau, M. F.; Ormondroyd, Prof R. F.; Nobles, P.New development in wireless technology using multiple antennas with appropriate space-time processing has recently become the new frontier of wireless communication systems due to the potential for providing very high spectral efficiency and enormous capacity improvement over the conventional wireless radio communications. The technical advances in using the multiple-input multiple-output (MIMO) wireless links present a promising breakthrough in resolving the bottleneck of current capacity limitation for future intensive wireless networks. The MIMO wireless systems utilize multiple antennas at both side of the transmitter and the receiver for enormous gains in spectral efficiency as well as system capacity in terms of higher data throughput by exploiting the multipath diversity in a rich scattering environment. A number of MIMO systems have been proposed to permit very high transmission rate, far exceeding the conventional communication technique. In particular, the Bell Laboratories layered space-time (BLAST) architecture has been presented that uses concept of spatial diversity and successive interference cancellation technique to improve the quality of signal reception over the flat-fading or the frequency selective fading channel. However, in order to achieve the quoted capacity gains in MIMO systems, the channeli nformation in terms of the multiple channeli mpulse responses(C IRs) and their fading coefficients must be known or estimated, which requires the design of a suitable channele stimator.T hus far, existing MIMO channele stimations chemesh aveb eenm ostly limited to the flat-fading case or cater specifically for coded space-time systems such as space-timeb lock code systems.I n this thesis,t he work is to considert he existing MIMO channel estimation techniques (used in the flat fading condition) and extend them to cater for a more realistic time-varying, frequency selective fading channel. The focus of this thesis has been the design and development of suitable training-based MIMO channel estimation scheme as well as the formulation of a new pilot code to enable effective estimation for the frequency selective channel. The novel channel estimator is also incorporatedi nto the BLAST architecturet o allow the practical assessmenotf using nonidealized channel to be studied and analysed for the performance of the MIMO systems. The driver for this work has been the recognition of the importance of channel knowledge for all the MIMO system to be used in practical application.Item Open Access Textile antenna with simultaneous frequency and polarization reconfiguration for WBAN(IEEE, 2017-12-25) Salleh, S. M.; Jusoh, M.; Ismail, A. H.; Kamarudin, M. R.; Nobles, P.; Rahim, M. K. A.; Sabapathy, T.; Osman, M. N.This paper proposes the design of a reconfigurable circularly polarized textile antenna. The circular polarization feature in the proposed antenna is generated by the edge-truncation of a rectangular patch and the incorporation of a slotted ground plane, whilst the frequency re-configurability feature is realized by slot size modification via the use of three embedded RF PIN diode switches. Consequently, the antenna operation can be switched between six frequencies (1.57 GHz, 1.67 GHz, 1.68 GHz, 2.43 GHz, 2.50 GHz and 2.55 GHz) depending on the seven switch configurations. The proposed antenna is validated experimentally to be operable within the WBAN, WLAN and GPS range in a compact and wearable format, with gains of up to 4.8 dBi.